Improving the Cyber Security Knowledge of Healthcare Workers to Improve Patient Safety

Abstract

Introduction: Digitalization is one of the fastest changing phenomena of our time. The changes cause the continuous transformation and elimination of dangerous risk factors to organizational functioning, and the creation of new ones, which is why dynamic risk management is an important tool for organizational security. Cyber ​​security is part of organizational security, and in the healthcare sector it is closely related to patient security.

Objective: The purpose of the publication is to present the domestic and international literature on this extremely important and current topic, to establish and explain the conclusions that can be drawn, and to formulate proposals that can be used in practice based on the literature.

Method: Literature research was conducted in domestic and international publications with a fixed keyword search, a collection template, and a content evaluation using fixed criteria.

Results: The number of reviewed articles and source documents was forty-three, the number of included documents was thirty-three, and ten documents were excluded. All included articles and source documents were described and used in this publication. After presenting the domestic legal regulatory and strategic documents, the publication discusses the European Union regulators, focusing in detail on the Network and Information Security regulators. After the discussion of social cyber security, the publication describes the organizational aspects and discusses in detail the literature presenting the measurement possibilities of cyber awareness in the workplace. After the presentation of the literature analysing attacks on institutions and databases in the field of the healthcare sector, the problem of cyber threats to healthcare devices and finally the topic of cyber awareness attitude surveys is discussed.

Discussion: The low level of overall social cyber awareness and, consequently, the deficiencies of the employees of the organizations can be established. A suitable methodology for assessing the problems can be found in the literature, and it is possible to compile and apply targeted educational materials. The introduction of attitude surveys and the use of the results make it easier to achieve behavioural change and to improve cyber awareness.

Conclusion: The extremely vulnerable situation of the healthcare sector justifies the assessment of cyber security deficiencies, the introduction of education, the creation of emergency plans and the conduct of regular trainings.