Litcius/Paper detail

Human factors in cybersecurity: Designing an effective cybersecurity education program for healthcare staff

Maria Waddell

2023Healthcare Management Forum15 citationsDOIOpen Access PDF

Abstract

Leaders who promote cybersecurity education focused on the human factors of cyberattack build a resilient workforce that complements technical protections, reducing organizational risk. Cybersecurity is a priority for information technology teams, relying primarily on technology to protect systems. As technical protections mature, the vulnerability shifts to human factors. Education must focus on the risk presented by humans rather than machines. A human factors-centred education program trains human reaction to threats considering the unique healthcare environment. Leaders may look to industries, like aviation, experiencing similar technical advancement, for education practices based on human factors. This article outlines a cybersecurity education program developed for healthcare, applying strategies adopted from commercial aviation. Four core pillars of training are defined: (1) dynamic education delivery options, (2) social engineering focused simulations, (3) high-risk positions and role-based training, and (4) stakeholder and leadership engagement. The first phase of implementation has been analyzed and offers some lessons for health leaders.

Topics & Concepts

Health careHuman servicesBusinessVulnerability (computing)WorkforcePublic relationsComputer securityAviationKnowledge managementComputer scienceEngineeringPolitical scienceAerospace engineeringLawInformation and Cyber SecuritySafety Systems Engineering in AutonomyOccupational Health and Safety Research
Human factors in cybersecurity: Designing an effective cybersecurity education program for healthcare staff | Litcius