Cybersecurity in the healthcare sector is an ongoing challenge and is still underdeveloped. There are not only technological challenges but also human barriers to be overcome in the face of an exponential growth in cyber-attacks against healthcare organisations. There needs to be a sea change in conveying cybersecurity as key to patient wellbeing and safety rather than as an obstacle to delivering healthcare services. To this end, it is important to ensure that cybersecurity measures work within the clinical workflow and that secure behaviours become a collaborative effort with a shared goal.
In the face of pandemic restrictions, the scenario revolved around a multi-faceted survey for doctors, nurses and administration staff at Fondazione Policlinico Gemelli, with the aim of understanding how these staff groupings perceive cybersecurity. The first survey explored attitudes towards cybersecurity in the workplace, assessing the current state of cybersecurity within the hospital. The second investigated technology use and staff access to patient data outside the official work system, asking how often staff access patient data outside the workplace and which technology they use to do so. The third assessed how important and achievable staff believe the behaviours in the IT policy to be, by having them rate 52 security behaviours in FPG’s security policy in terms of importance and achievability.
Understanding the underlying reasons for different security behaviours is key to finding the best measures to improve those behaviours and to tailoring the measures to specific staff groupings, with the involvement of the supervisor, given her/his central role in shaping the organisational environment. This PANACEA tool not only allows healthcare organisations to do this but also allows them to explore possible mismatches between cybersecurity policy and clinical workflows, and how these mismatches are experienced in terms of actual behaviour. This is crucial for informing system design and ensuring workflow alignment in practical terms. The Secure Nudging Tool brings key insights into what’s going on and enables effective risk management and shared values.
“I found the questionnaires really useful. I think that they really can make what is going wrong emerge and take action. They also spot the differences across the different types of staff. I think that the simple fact of getting people to fill in the questionnaires is a powerful method to raise awareness.” Surgeon of the Emergency Surgery Department