Hospital Size and Cybersecurity Practices: Evaluating Nurses' Awareness in Indonesia
Abstract
Introduction: This study aimed to evaluate nurses' knowledge, attitudes, and practices (KAP) regarding cybersecurity in healthcare settings, focusing on variations across hospitals of different sizes. Cybersecurity is critical in the digitalization of healthcare, yet gaps in awareness and training persist, particularly in developing countries. With increasing cyber threats targeting healthcare institutions globally, this study seeks to address the underexplored role of nurses in safeguarding hospital information systems.
Methods: This cross-sectional study was conducted in three government hospitals in Makassar, Indonesia, from [start month/year] to [end month/year]. A total of 331 nurses participated, representing hospitals of varying organizational sizes and bed capacities. Data were collected using structured questionnaires, assessing KAP related to cybersecurity. Ethical approval was obtained from [name of ethics committee], and written informed consent was secured from all participants. Data were analysed using descriptive and inferential statistics, with significance set at p < 0.05.
Results: The study revealed significant gaps in nurses' cybersecurity knowledge, attitudes, and practices. Awareness of hospital cybersecurity policies was low (43.2%), particularly in larger hospitals. Hospital 3, the smallest, exhibited higher awareness (59.0%) compared to Hospital 1 (35.8%) and Hospital 2 (39.6%) (p = 0.03). Risky behaviours, such as using personal devices for sensitive data transfer, were prevalent (77.0%), with the highest incidence in larger hospitals. Statistical analyses confirmed significant variations in cybersecurity KAP based on hospital size and organizational complexity.
Conclusion: This study highlights the critical need for targeted cybersecurity training programs, particularly for nursing staff in larger hospitals, through raising awareness of social engineering attacks, email scams, and infection detection. By addressing gaps in awareness and practices, hospitals can enhance data protection and mitigate risks. Future research should explore tailored interventions and organizational factors influencing cybersecurity in healthcare systems to inform global health policies.
References
Sabet C, Lin JC, Zhong A, Nguyen D. Cybersecurity in the age of digital pandemics: protecting patient data in low-income and middle-income countries. Lancet Glob Heal [Internet]. 2024 Jun 1 [cited 2024 Oct 28];12(6):e911–2. Available from: http://www.thelancet.com/article/S2214109X24001244/fulltext
Sardi A, Rizzi A, Sorano E, Guerrieri A. Cyber Risk in Health Facilities: A Systematic Literature Review. Vol. 12, Sustainability. 2020.
Kamerer JL, McDermott D. Cybersecurity: Nurses on the Front Line of Prevention and Education. J Nurs Regul [Internet]. 2020 Jan 1;10(4):48–53. Available from: https://doi.org/10.1016/S2155-8256(20)30014-4
Rajamäki J, Rathod P, Kioskli K. Demand Analysis of the Cybersecurity Knowledge Areas and Skills for the Nurses: Preliminary Findings. Eur Conf Cyber Warf Secur [Internet]. 2023 Jun 19 [cited 2024 Nov 10];22(1):711–6. Available from: https://papers.academic-conferences.org/index.php/eccws/article/view/1181
Kamerer JL, McDermott DS. Cyber hygiene concepts for nursing education. Nurse Educ Today. 2023 Nov;130:105940.
Waddell M. Human factors in cybersecurity: Designing an effective cybersecurity education program for healthcare staff. Healthc Manag forum. 2024 Jan;37(1):13–6.
Gioulekas F, Stamatiadis E, Tzikas A, Gounaris K, Georgiadou A, Michalitsi-Psarrou A, et al. A Cybersecurity Culture Survey Targeting Healthcare Critical Infrastructures. Healthc (Basel, Switzerland). 2022 Feb;10(2).
World Health Organisation. WHO reports outline responses to cyber-attacks on health care and the rise of disinformation in public health emergencies [Internet]. 2021 [cited 2024 Nov 19]. Available from: https://www.who.int/news/item/06-02-2024-who-reports-outline-responses-to-cyber-attacks-on-health-care-and-the-rise-of-disinformation-in-public-health-emergencies
Parsons K, Calic D, Pattinson M, Butavicius M, McCormac A, Zwaans T. The Human Aspects of Information Security Questionnaire (HAIS-Q): Two further validation studies. Comput Secur. 2017 May 1;66:40–51.
Sari PK. Model Perilaku Keamanan Sistem Informasi Kesehatan dan Implikasinya dalam Pengembangan Roadmap Manajemen Keamanan Informasi pada Fasilitas Pelayanan Kesehatan di Indonesia. Universitas Indonesia; 2023.
Egelman S, Peer E. Scaling the security wall : Developing a security behavior intentions scale (SeBIS). Conf Hum Factors Comput Syst - Proc [Internet]. 2015 Apr 18 [cited 2024 Oct 28];2015-April:2873–82. Available from: https://dl.acm.org/doi/10.1145/2702123.2702249
Hadlington L. Human factors in cybersecurity; examining the link between Internet addiction, impulsivity, attitudes towards cybersecurity, and risky cybersecurity behaviours. Heliyon. 2017 Jul 1;3(7):e00346.
Ifinedo P, Akinnuwesi BA. Employees’ non-malicious, counterproductive computer security behaviors (CCSB) in Nigeria and Canada: An empirical and comparative analysis. IEEE Int Conf Adapt Sci Technol ICAST. 2015 Mar 25;2015-January.
Hore K, Hoi Tan M, Kehoe A, Beegan A, Mason S, Al Mane N, et al. Cybersecurity and critical care staff: A mixed methods study. Int J Med Inform. 2024 May;185:105412.
Kandasamy K, Srinivas S, Achuthan K, Rangan VP. Digital Healthcare - Cyberattacks in Asian Organizations: An Analysis of Vulnerabilities, Risks, NIST Perspectives, and Recommendations. IEEE Access. 2022;10:12345–64.
Nifakos S, Chandramouli K, Nikolaou CK, Papachristou P, Koch S, Panaousis E, et al. Influence of Human Factors on Cyber Security within Healthcare Organisations: A Systematic Review. Sensors (Basel). 2021 Jul;21(15).
Jalali MS, Kaiser JP. Cybersecurity in Hospitals: A Systematic, Organizational Perspective. J Med Internet Res. 2018 May;20(5):e10059.
Niki O, Saira G, Arvind S, Mike D. Cyber-attacks are a permanent and substantial threat to health systems: Education must reflect that. Digit Heal. 2022;8:20552076221104664.
Teymourlouei H, Harris V. Effective Methods to Monitor IT Infrastructure Security for Small Business. In: 2019 International Conference on Computational Science and Computational Intelligence (CSCI). 2019. p. 7–13.
Alharbi F, Alsulami M, AL-Solami A, Al-Otaibi Y, Al-Osimi M, Al-Qanor F, et al. The Impact of Cybersecurity Practices on Cyberattack Damage: The Perspective of Small Enterprises in Saudi Arabia. Sensors [Internet]. 2021;21(20). Available from: https://www.mdpi.com/1424-8220/21/20/6901
Chowdhury N, Gkioulos V. A personalized learning theory-based cyber-security training exercise. Int J Inf Secur [Internet]. 2023;22(6):1531–46. Available from: https://doi.org/10.1007/s10207-023-00704-z
Willing M, Dresen C, Gerlitz E, Haering M, Smith M, Binnewies C, et al. Behavioral responses to a cyber attack in a hospital environment. Sci Rep [Internet]. 2021;11(1):19352. Available from: https://doi.org/10.1038/s41598-021-98576-7
Kulju E, Jarva E, Oikarinen A, Hammarén M, Kanste O, Mikkonen K. Educational interventions and their effects on healthcare professionals’ digital competence development: A systematic review. Int J Med Inform [Internet]. 2024;185:105396. Available from: https://www.sciencedirect.com/science/article/pii/S1386505624000595
Arain MA, Tarraf R, Ahmad A. Assessing staff awareness and effectiveness of educational training on IT security and privacy in a large healthcare organization. J Multidiscip Healthc. 2019;12:73–81.
Argyridou E, Nifakos S, Laoudias C, Panda S, Panaousis E, Chandramouli K, et al. Cyber Hygiene Methodology for Raising Cybersecurity and Data Privacy Awareness in Health Care Organizations: Concept Study. J Med Internet Res. 2023 Jul;25:e41294.
Khan, W. (2024). Managing Multimillion-Dollar Security Budgets for Maximum ROI: Insights into Optimizing Resource Allocation to Ensure Cost-Effective Security Solutions. Journal of Engineering and Applied Sciences Technology. https://doi.org/10.47363/jeast/2024(6)e136.
Jalali, M., & Kaiser, J. (2018). Cybersecurity in Hospitals: A Systematic, Organizational Perspective. Journal of Medical Internet Research, 20. https://doi.org/10.2139/ssrn.3100364.
Copyright (c) 2025 Journal of Public Health and Pharmacy
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Authors who publish with Journal of Public Health and Pharmacy retain the copyright of their work. The journal applies a Creative Commons Attribution-ShareAlike 4.0 International License (CC BY-SA 4.0), which grants the following rights:
-
Copyright Retention: Authors retain the copyright of their work, maintaining full control over their intellectual property without restrictions.
-
Right of First Publication: Authors grant the journal the right of first publication of their work. This ensures that the work is initially published and credited in Journal of Public Health and Pharmacy.
-
License to Share and Reuse: The work is licensed under CC BY-SA 4.0, allowing others to copy, distribute, remix, and build upon the work for any purpose, even commercially, as long as proper credit is given to the authors, and any new creations are licensed under the same terms.
