Cybersecurity Culture Among Healthcare Workers in Indonesia: Knowledge Gaps, Demographic Influences, and Strategic Policy Solutions

preprint OA: closed
Full text JSON View at publisher
Full text 113,204 characters · extracted from preprint-html · click to expand
Cybersecurity Culture Among Healthcare Workers in Indonesia: Knowledge Gaps, Demographic Influences, and Strategic Policy Solutions | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Research Article Cybersecurity Culture Among Healthcare Workers in Indonesia: Knowledge Gaps, Demographic Influences, and Strategic Policy Solutions Irwandy Irwandy, Adelia U. Ady Mangilep, Rini Anggraeni, Noer Bahry Noor, and 2 more This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-5421169/v1 This work is licensed under a CC BY 4.0 License Status: Posted Version 1 posted You are reading this latest preprint version Abstract Introduction: Digitalization in healthcare has increased cybersecurity risks, especially in regions with limited protective measures. In Indonesia, the cybersecurity culture among healthcare professionals remains underdeveloped, posing potential threats to patient data security. Objectives: This study assessed cybersecurity culture among healthcare workers in Makassar, Indonesia, focusing on their knowledge, attitudes, and practices, and examined the influence of demographics on these factors. Methods: A cross-sectional survey was conducted with 574 healthcare workers from three hospitals in Makassar. The survey measured cybersecurity knowledge, attitudes, and practices, and analyzed demographic influences such as age, gender, and profession. Results: Findings revealed substantial knowledge gaps, with 61.7% of respondents unaware of cybersecurity policies, and 65.5% unable to recognize email fraud. Although attitudes toward security were generally positive, risky behaviors—such as using personal devices for sensitive data (72.1%) and installing unauthorized software (70.2%)—persisted. Younger healthcare workers and nurses exhibited stronger cybersecurity practices, while older staff and physicians had lower compliance. Conclusion: This study underscores an urgent need for comprehensive cybersecurity training, policy clarity, and leadership support in Indonesian healthcare. Targeted interventions based on demographic factors could enhance adherence to cybersecurity practices, bolstering patient data protection and healthcare system resilience. Cybersecurity culture Healthcare professionals Data protection Digital security Indonesia Figures Figure 1 1. Introduction The healthcare sector increasingly becomes a prime target for cyberattacks due to its growing reliance on digital technologies and the sensitive nature of the data it handles. As healthcare systems rapidly undergo digital transformation, cyber threats pose significant risks not only to patient privacy but also to the overall functionality of healthcare services. Cybercriminals exploit both technological vulnerabilities and human factors, making the cybersecurity culture among healthcare workers a critical line of defense. However, despite the urgency of these threats, cybersecurity culture among healthcare professionals remains underdeveloped in many regions, particularly in Indonesia. Globally, cultivating a strong information security culture (ISC) is essential for safeguarding electronic Protected Health Information (ePHI). Countries with well-established cybersecurity infrastructures, such as the United States and parts of Europe, demonstrate fewer vulnerabilities through comprehensive training and leadership support. In contrast, Indonesia faces substantial challenges in fostering such a culture among healthcare workers. Research indicates that Indonesian medical personnel exhibit low cybersecurity awareness, with an ISC score of 2.588, significantly below international standards ( 1 ). These deficiencies expose patient data to risks and threaten the continuity of healthcare services. Indonesia’s broader cybersecurity landscape reflects these concerns. In 2022, the country recorded nearly one billion traffic anomalies linked to potential cyberattacks, emphasizing the need for enhanced protective measures ( 2 ). Despite some progress, Indonesia ranks sixth in the Asia-Pacific region in cybersecurity readiness, highlighting critical gaps that leave healthcare systems vulnerable ( 1 ). Contributors to this weak cybersecurity culture include high stress levels among healthcare workers, inadequate training, and limited support from top management ( 3 , 4 ). Furthermore, variations in ISC across healthcare facilities suggest that inconsistent training and leadership significantly influence cybersecurity practices. Research reveals significant differences in cybersecurity culture among various healthcare professions. Nurses often demonstrate higher cybersecurity competence than physicians, while healthcare workers with more experience show better adherence to security protocols ( 5 ). Additionally, factors such as age and sex influence the adaptability and receptiveness to cybersecurity practices, impacting the overall security posture of healthcare organizations ( 6 , 7 ). Given these challenges, this study aims to assess the current state of cybersecurity culture among healthcare workers in Makassar, Indonesia. Specifically, it evaluates the cybersecurity awareness and practices of healthcare workers and explores the relationships between different healthcare professions, age, gender, and their levels of cybersecurity culture. By addressing these gaps, this research provides critical insights that inform the development of tailored training programs and policy interventions aimed at enhancing cybersecurity practices in Indonesian healthcare settings. While focused on Makassar, the relevance of this study extends beyond Indonesia. Many countries, particularly in Southeast Asia, Africa, and Latin America, face similar challenges in establishing robust cybersecurity cultures within their healthcare systems due to limited resources and fragmented leadership ( 8 , 9 ). Therefore, the findings of this research contribute not only to Indonesia’s healthcare security but also to the global understanding of cybersecurity in emerging markets. By exploring how occupational roles influence cybersecurity behaviors, the study offers valuable insights that can be applied in other developing nations, supporting broader efforts to secure healthcare systems worldwide. This study provides original contributions to the global discourse on healthcare cybersecurity, offering a pathway to elevate security standards, protect sensitive patient data, and safeguard the integrity of healthcare systems in Indonesia and similar contexts globally. Through this research, we aim to lay the groundwork for enhanced cybersecurity training and practices, ultimately leading to a more resilient healthcare environment. 2. Methods The framework used to evaluate the cybersecurity culture among healthcare workers in this study was adapted from a methodology that classifies cybersecurity culture into two levels: individual and group ( 10 ). This research focused on the individual level, specifically targeting healthcare professionals. To examine cybersecurity culture from an individual perspective, we developed a modified research instrument to measure information security behavior, drawing from several previous studies ( 11 – 16 ). The instrument included three main components: Knowledge, Attitudes, and Practices. Tabel 1. Questionnaire items and references. Items References A. Knowledge 1. Does the hospital where you work have a hospital cybersecurity policy? ( 11 ) 2. Do you know when your computer is hacked or infected and who to contact when that happens? ( 11 – 13 ) 3. Do you know what email fraud is and how to identify it? ( 11 ) 4. Are you aware and trained regarding cyber security in hospitals? ( 11 ) 5. Do you know what a social engineering attack is? ( 11 ) B. Attitudes 6. My computer is of no value to hackers and hackers are not targeting me ( 11 ) 7. Following the safety policies in the hospital helps me to do my job better ( 11 ) 8. I am confident that I can recognize a security problem or incident if I see one. ( 11 ) C. Practices ( 11 ) 9. Is an antivirus currently installed on your computer? ( 11 ) 10. How careful are you when opening attachments in emails? ( 11 – 13 ) 11. Do you use your personal devices, such as mobile phones, flash drives or CD/DVDs to store or transfer confidential hospital information? ( 11 , 12 , 15 , 16 ) 12. Do you download and install software on your computer at the hospital? ( 11 – 13 , 15 – 17 ) 13. Do you lock your computer when you leave the hospital even for a moment? ( 11 – 14 ) 14. Do you give your password to your coworkers or manager when asked? ( 11 – 13 , 15 , 16 ) The study targeted healthcare workers in three provincial government hospitals in South Sulawesi, Indonesia. A convenience sampling method was employed to recruit participants, which included all healthcare professionals who had authorized access to patients' electronic medical records. In total, 577 respondents participated in the study. The questionnaire comprised sections on demographics (age, sex, and healthcare profession) and cybersecurity behaviors (knowledge, attitudes, and practices). A total of 14 items were developed to assess these aspects, with references to existing literature for validation. To ensure better comprehension, the questionnaire was translated from English to Indonesian, addressing potential language barriers. After data collection, responses were translated back into English to ensure consistency and accuracy. The survey was conducted between February 2024 and November 2024. Participation was voluntary, and each respondent provided informed consent prior to completing the survey. There was no time limit for completing the questionnaire, and participants were not offered any compensation or incentives. To examine the relationship between demographic variables (age, sex, healthcare profession types) and cybersecurity culture, a chi-square test was employed for data analysis. This statistical method was chosen to determine if there were significant associations between categorical variables. To ensure the validity and reliability of the instrument, we conducted a pilot study prior to the main data collection phase. Feedback from healthcare professionals was used to refine the questionnaire items. Additionally, we calculated Cronbach's alpha to assess the internal consistency of the scales used in the study. The study assumed that all respondents would provide honest and accurate responses regarding their knowledge, attitudes, and practices related to cybersecurity. It also assumed that the sample would be representative of the broader population of healthcare workers in the region. 3. Results The Table 2 presents the results of the survey conducted to assess the knowledge, attitudes, and practices related to cybersecurity among healthcare workers at three hospitals in Makassar, Indonesia. The data presented in this table highlight key areas that require further attention, particularly concerning knowledge and attitudes toward cybersecurity threats, as well as practices that remain suboptimal within the healthcare workforce. Table 2 Survey Results on Knowledge, Attitudes, and Practices Regarding Cybersecurity Among Healthcare Workers No Items Yes No Total n % n % n % A. Knowledge 1 Hospital has a cybersecurity policy 220 38.3 354 61,7 574 100 2 Know when computer is hacked or infected and who to contact 126 22 448 78 574 100 3 Know what email fraud is and how to identify it 198 34.5 376 65.5 574 100 4 Aware and trained regarding cyber security in hospitals 259 45.1 315 54.9 574 100 5 Know what a social engineering attack is 232 40.4 342 59.6 574 100 B. Attitudes 6 My computer is of no value to hackers and hackers are not targeting me 283 49.3 291 50.7 574 100 7 Following the safety policies in the hospital helps me to do my job better 574 100 0 0 574 100 8 Can recognize a security problem or incident. 363 63.2 211 36.8 574 100 C. Practices 9 Antivirus currently installed on computer 366 63.8 208 36.2 574 100 10 Careful when opening attachments in emails 513 89.4 61 10.6 574 100 11 Use personal devices, such as mobile phones, flash drives or CD/DVDs to store or transfer confidential hospital information 414 72.1 160 27.9 574 100 12 Download and install software on computer hospital 171 29.8 403 70.2 574 100 13 Lock the computer when leave the hospital 331 57.7 243 42.3 574 100 14 Gave password to coworkers or manager when asked 226 39.4 348 60 574 100 3.1. Knowledge of Cybersecurity The results regarding healthcare workers' knowledge of cybersecurity showed significant gaps in understanding critical concepts. One of the most concerning findings was the low level of awareness surrounding the existence of formal hospital cybersecurity policies. While 38.3% of respondents reported that their hospital had a cybersecurity policy, the majority (61.7%) were unaware of such policies, which highlights a potential vulnerability in hospital-wide cybersecurity initiatives. Additionally, a substantial proportion of healthcare workers lacked basic knowledge of how to identify and respond to cyberattacks. Only 22% of participants knew when their computer had been hacked or infected and understood who to contact in such situations. This indicates a considerable gap in cybersecurity preparedness, particularly in how healthcare workers should react to security breaches. This is concerning given that timely responses are critical in minimizing damage from cyberattacks. Another area of concern was the understanding of email fraud. Despite the prevalence of phishing attacks in the healthcare sector, over 65% of respondents did not know how to identify email fraud. This indicates a lack of training or awareness about one of the most common vectors for cyberattacks in healthcare. Finally, while 45.1% of healthcare workers reported being aware of cybersecurity training within their hospitals, the remaining 54.9% had not received such training. This disparity underscores the importance of widespread and consistent cybersecurity education across healthcare organizations, as training is a key factor in improving cybersecurity awareness and practices. 3.2. Attitudes Toward Cybersecurity The attitudes of healthcare workers toward cybersecurity revealed mixed perceptions regarding the importance of securing sensitive information. Notably, 49.3% of respondents believed their computers were of no value to hackers, suggesting a dangerous underestimation of the risks faced by healthcare institutions. This perception can contribute to complacency, making workers less likely to follow cybersecurity protocols or take necessary precautions, thus increasing the overall vulnerability of the healthcare system. However, despite the lack of perceived personal risk, there was a high level of agreement on the importance of following safety policies. 100% of respondents indicated that adhering to hospital safety protocols helped them perform their job better, demonstrating a strong belief in the value of institutional security measures. This suggests that while workers may not perceive immediate threats to their own systems, they acknowledge the broader importance of cybersecurity within the organizational context. Furthermore, a majority (63.2%) felt confident in their ability to recognize security problems or incidents. This is an encouraging sign, as awareness and self-efficacy are crucial components of a strong cybersecurity culture. However, the remaining 36.8% expressed uncertainty, which suggests that there may still be a need for further training to ensure all workers can identify and appropriately respond to security incidents. 3.3. Cybersecurity Practices When examining the actual cybersecurity practices of healthcare workers, the results showed a more positive picture in certain areas, but also highlighted areas of concern. For instance, 63.8% of participants reported having antivirus software installed on their work computers. This suggests a reasonable level of proactive protection against cyber threats. However, the remaining 36.2% of respondents did not use antivirus software, which is alarming given the widespread risks posed by malware and other cyber threats. A particularly encouraging finding was the high level of caution shown when opening email attachments. A substantial majority (89.4%) of healthcare workers reported being careful when handling email attachments, which is one of the most common entry points for malicious software. This indicates a relatively strong awareness of basic email security practices among the workforce. However, a more troubling practice was the use of personal devices for storing or transferring confidential hospital information. Over 72% of respondents admitted to using personal devices, such as mobile phones, flash drives, or CDs/DVDs, for these purposes. This practice presents a significant risk, as personal devices may not have the same level of security as hospital-provided equipment and can serve as potential entry points for cybercriminals. Moreover, a significant proportion of healthcare workers (70.2%) reported downloading and installing unauthorized software on hospital computers. This behavior directly contradicts basic cybersecurity protocols, which emphasize restricting the installation of unauthorized applications to prevent the introduction of malware or vulnerabilities into the hospital network. The findings also indicated a mixed adherence to practices such as locking computers when leaving the workplace. While 57.7% of respondents reported locking their computers, 42.3% did not follow this simple yet effective security measure. This inconsistency may result in unauthorized access to sensitive information when healthcare workers are not present at their computers. Lastly, the issue of password sharing raised significant concerns. Although the majority (60%) refrained from sharing passwords, nearly 40% of healthcare workers admitted to providing their passwords to colleagues or managers when asked. This practice increases the risk of unauthorized access to sensitive systems and data and is a clear breach of basic cybersecurity protocols. 3.4. Relationship Between Gender, Age, and Profession with Cybersecurity Culture In this study, we also explored the relationship between demographic factors—such as gender, age, and profession—and the cybersecurity culture among healthcare workers. 3.4.1. Gender and Cybersecurity Culture As shown in Fig. 1 , male healthcare workers demonstrated a higher level of cybersecurity culture compared to female healthcare workers. Specifically, 60.9% of male respondents exhibited positive cybersecurity culture, while only 54.1% of female respondents did so. Despite this difference, statistical analysis revealed no significant relationship between gender and cybersecurity culture, with a p-value of 0.286. This suggests that while gender differences were observed in cybersecurity culture, they were not statistically significant in this sample, implying that factors other than gender may play a more decisive role in shaping cybersecurity behavior among healthcare workers. 3.4.2. Age and Cybersecurity Culture Figure 1 also illustrates a notable trend in the relationship between age and cybersecurity culture. Healthcare workers aged 21–30 years demonstrated the highest level of cybersecurity culture, with 65.2% falling into the positive cybersecurity culture category. In contrast, older age groups tended to show lower levels of cybersecurity culture, although the decline was not entirely linear. The statistical analysis revealed a significant relationship between age and cybersecurity culture, with a p-value of 0.043. This suggests that younger healthcare workers may have better awareness and adherence to cybersecurity practices, potentially due to greater exposure to digital technologies and more recent training in cybersecurity topics. 3.4.3. Profession and Cybersecurity Culture Lastly, when examining the influence of profession on cybersecurity culture, the results indicated significant differences across different healthcare roles. Nurses exhibited the strongest cybersecurity culture, with 59.8% reporting positive cybersecurity practices. This was followed by other healthcare workers (47.3%), and physicians had the lowest percentage of positive cybersecurity culture, at only 37.2%. Statistical analysis confirmed a significant association between profession and cybersecurity culture, with a p-value of 0.002. This suggests that healthcare professionals' roles may influence their awareness, attitudes, and behaviors related to cybersecurity. Nurses, for example, may receive more targeted training or have more direct engagement with day-to-day cybersecurity practices, while physicians may be less involved in the technical aspects of security. 4. Discussion The findings of this study offer valuable insights into the current state of cybersecurity culture among healthcare workers in Makassar, Indonesia, revealing significant gaps in knowledge, attitudes, and behaviors that pose risks to patient data security and the integrity of healthcare services. One of the most notable results is the widespread lack of awareness among healthcare workers regarding essential cybersecurity concepts, including the existence of formal cybersecurity policies within their hospitals. In fact, 61.7% of respondents reported being unaware of any cybersecurity policies in place, underscoring a critical vulnerability in healthcare systems. Without awareness of institutional cybersecurity guidelines, healthcare workers may inadvertently bypass security protocols, increasing the potential for security breaches and compromising sensitive patient information. Further compounding the issue is the limited understanding of common cybersecurity threats. A significant number of healthcare workers were unfamiliar with how to identify or respond to prevalent cyber risks, such as email fraud (65.5%) and social engineering attacks (59.6%). This lack of preparedness is particularly concerning given the healthcare sector’s vulnerability to cyberattacks, as studies have shown that phishing remains one of the most common attack vectors within this field ( 18 – 20 ). These findings highlight the urgent need for comprehensive cybersecurity training programs and continuous awareness campaigns, as only 45.1% of respondents reported having received any formal training in cybersecurity within their respective hospitals. Despite these gaps in knowledge, the attitudes toward cybersecurity were more favorable. Nearly all respondents (100%) acknowledged the importance of adhering to safety policies, with 63.2% expressing confidence in identifying security risks. However, there was a clear disconnect between these positive attitudes and actual cybersecurity practices. For example, although the majority of respondents (89.4%) reported being careful when handling email attachments, risky behaviors such as using personal devices for transferring hospital data (72.1%) and downloading unauthorized software (70.2%) remained prevalent. These discrepancies suggest that, while healthcare workers may recognize the value of cybersecurity, their actual behavior does not consistently align with best practices, which undermines the overall security posture of healthcare institutions. Demographic factors such as gender, age, and professional role were found to influence cybersecurity culture. Male healthcare workers exhibited a higher level of cybersecurity awareness, with 60.9% of them showing a positive cybersecurity culture compared to 54.1% of female healthcare workers. However, statistical analysis revealed no significant correlation between gender and cybersecurity culture, with a p-value of 0.286. In contrast, younger healthcare workers (aged 21–30) demonstrated better cybersecurity awareness, with 65.2% exhibiting positive cybersecurity culture. Older workers, while still recognizing the importance of cybersecurity, generally showed lower levels of awareness. This result is consistent with previous studies suggesting that younger, more tech-savvy individuals tend to be more adept at adopting secure digital practices ( 21 , 22 ). Additionally, the study found a significant relationship between profession and cybersecurity culture. Nurses displayed the highest level of cybersecurity awareness (59.8%), followed by other healthcare workers (47.3%), and physicians (37.2%). The difference between these groups is likely due to the varying levels of direct interaction with digital systems that store sensitive patient data. As frontline healthcare providers, nurses may be more attuned to the necessity of cybersecurity measures to protect patient data ( 5 , 23 ). Physicians, on the other hand, may have less exposure to the digital systems, potentially explaining their lower cybersecurity awareness. Considering these findings, improving cybersecurity culture in healthcare requires urgent attention. The study suggests several key interventions, including more comprehensive training programs, the implementation of clear and enforceable cybersecurity policies, and the promotion of a culture of security at all levels of healthcare organizations. These recommendations align with findings from previous studies, which emphasize the importance of comprehensive training to raise awareness and improve cybersecurity practices among healthcare staff, who are often the weakest link in cybersecurity defenses ( 24 ). Online training modules are a foundational method for delivering cybersecurity education. They provide a basic understanding of IT security and privacy concepts, which is essential for preventing potential breaches. A study found that 80.9% of healthcare staff completed online IT training, with 57.5% perceiving it as effective ( 25 ). These modules should be an integral part of continuing education for healthcare staff to protect patient information. Next, clear policies play a crucial role in enhancing cybersecurity culture within healthcare by establishing a structured framework that guides the protection of sensitive health information. These policies help in defining roles, responsibilities, and procedures, thereby fostering a culture of security awareness and compliance among healthcare professionals. Policies ensure compliance with regulatory standards and foster a culture of accountability among healthcare providers ( 25 ). Policymakers and healthcare administrators must prioritize the development of robust cybersecurity education programs for all healthcare workers, regardless of their role, to ensure they are well-equipped to recognize, prevent, and respond to cyber threats effectively. Furthermore, the study highlights the need for stronger leadership in fostering a culture of cybersecurity within healthcare institutions, which will require not only training and policy development but also active participation from healthcare workers in maintaining a secure digital environment. Transformational leadership, which emphasizes creating a shared vision and fostering collaboration, is particularly effective in this context. This style encourages healthcare workers to engage actively in cybersecurity practices by promoting a culture of trust and collaboration, which is essential for addressing the human factors in cybersecurity vulnerabilities ( 25 ). The broader implications of this study extend beyond Indonesia and could inform cybersecurity initiatives in other developing countries facing similar challenges in healthcare. The demographic differences observed in cybersecurity culture—particularly the greater awareness among younger workers and nurses—suggest that targeted interventions based on age and professional role could be more effective than generalized approaches. Tailoring cybersecurity education and policies to specific groups could increase the likelihood of successful implementation and greater adherence to cybersecurity practices. In conclusion, this study underscores the critical need to strengthen cybersecurity culture within healthcare institutions, particularly in developing countries where digital transformation is occurring rapidly but cybersecurity preparedness lags behind. The findings suggest that gaps in knowledge, attitudes, and practices must be addressed through targeted training programs, clearer policies, and stronger enforcement mechanisms. As healthcare systems continue to digitize, it is vital that cybersecurity becomes an integral part of the organizational culture, involving all healthcare workers in safeguarding patient data and ensuring the integrity of healthcare services. Future research, particularly longitudinal and qualitative studies, will be essential to gain deeper insights into the factors influencing cybersecurity behaviors and to evaluate the effectiveness of interventions aimed at improving cybersecurity culture across different healthcare settings. Study Limitations The study’s methodology, though robust, has certain limitations. The cross-sectional design restricts causal inference, and while the sample was relatively large, it was limited to three hospitals in Makassar, which may affect the generalizability of findings to the broader Indonesian healthcare workforce. Future studies should aim to increase sample diversity across Indonesian healthcare settings to enhance representativeness, and longitudinal research could offer insights into how cybersecurity culture evolves over time, evaluating the effectiveness of training and policy interventions. Despite these limitations, the study contributes significantly to the field with its large sample size of 574 healthcare workers, providing a reliable basis for examining cybersecurity culture in this region. The use of quantitative survey tools enabled clear, replicable findings, while statistical analysis provided deeper insight into demographic factors influencing cybersecurity culture, including age, gender, and professional roles. These insights are vital for developing targeted interventions to enhance cybersecurity practices within healthcare organizations. 5. Conclusion While healthcare workers generally recognize the importance of cybersecurity, many lack awareness of essential concepts such as hospital cybersecurity policies and how to identify and respond to cyber threats. Demographic factors such as age and profession influence cybersecurity awareness, with younger workers and nurses demonstrating stronger cybersecurity practices. The study highlights the urgent need for comprehensive cybersecurity training, clear policies, and stronger leadership to foster a culture of security in healthcare organizations. Despite its limitations, including a cross-sectional design and a sample limited to three hospitals, the study contributes valuable empirical data that can inform targeted interventions aimed at strengthening cybersecurity culture in healthcare settings, particularly in emerging markets like Indonesia. Future research should focus on expanding the sample size, conducting longitudinal studies, and exploring the qualitative aspects of cybersecurity behavior to gain a deeper understanding of the factors influencing security practices in healthcare. Declarations Acknowledgements We would like to acknowledge the following organizations for providing permit to participate in the study: Haji Hospital of South Sulawesi Province, Labuang Baji Hospital of South Sulawesi Province, and Sayang Rakyat Hospital of South Sulawesi Province. The authors would also like to thank the Institute for Research and Community Service, Hasanuddin University for Partnership initiative for this research. Authors’ contributions I.I and A.M. conceptualized the study. I.I and A.M developed the study methodology. I.I; A.M; R.A; N.B; A.N and N.L did the data curation. I.I and N.L. wrote the manuscript. All authors reviewed and edited the manuscript. Funding The research was funded by Institute for Research and Community Service, Hasanuddin University. The funder had no role in the study design, data collection and analysis, decision to publish or the preparation of the manuscript. Availability of data and materials All data analyzed in the study is available upon written request from the corresponding author. Ethics approval and consent to participate Ethical approval for this study was obtained from the Health Research Ethics Committee of Universitas Hasanuddin (979/UN4.14.1/TP.01.02/2024). All key stakeholders signed an informed consent form prior to participating in the study. Consent for publication Not applicable. Competing interests The authors declare no competing interests References Hidayah, Ramli K. HIPAA-based Analysis on the Awareness Level of Medical Personnel in Indonesia to Secure Electronic Protected Health Information (ePHI). In: 2021 IEEE International Conference on Health, Instrumentation & Measurement, and Natural Sciences (InHeNce). 2021. p. 1–6. Cybersecurity and cybercrime in Indonesia - statistics & facts | Statista [Internet]. [cited 2024 Jun 12]. Available from: https://www.statista.com/topics/11732/cybersecurity-and-cybercrime-in-indonesia/#topicOverview Fauzi MA, Yeng P, Yang B, Rachmayani D. Examining the Link Between Stress Level and Cybersecurity Practices of Hospital Staff in Indonesia. In: Proceedings of the 16th International Conference on Availability, Reliability and Security [Internet]. New York, NY, USA: Association for Computing Machinery; 2021. (ARES ’21). Available from: https://doi.org/10.1145/3465481.3470094 Sari PK, Prasetio A, Candiwan, Handayani PW, Hidayanto AN, Syauqina S, et al. Information security cultural differences among health care facilities in Indonesia. Heliyon. 2021 Jun 1;7(6):e07248. Alhuwail D, Al-Jafar E, Abdulsalam Y, AlDuaij S. Information Security Awareness and Behaviors of Health Care Professionals at Public Health Care Facilities. Appl Clin Inform. 2021 Aug;12(4):924–32. Branley-Bell D, Coventry L, Dixon M, Joinson A, Briggs P. Exploring Age and Gender Differences in ICT Cybersecurity Behaviour. Hum Behav Emerg Technol [Internet]. 2022 Jan 1 [cited 2024 Oct 28];2022(1):2693080. Available from: https://onlinelibrary.wiley.com/doi/full/10.1155/2022/2693080 Foth M, Schusterschitz C, Flatscher‐Thöni M. Technology acceptance as an influencing factor of hospital employees’ compliance with data-protection standards in Germany. J Public Heal [Internet]. 2012 Oct 27 [cited 2024 Oct 28];20(3):253–68. Available from: https://link.springer.com/article/10.1007/s10389-011-0456-9 Sabet C, Lin JC, Zhong A, Nguyen D. Cybersecurity in the age of digital pandemics: protecting patient data in low-income and middle-income countries. Lancet Glob Heal [Internet]. 2024 Jun 1 [cited 2024 Oct 28];12(6):e911–2. Available from: http://www.thelancet.com/article/S2214109X24001244/fulltext Kaberuka J, Johnson C. Adapting STPA-sec for Socio-technical Cyber Security Challenges in Emerging Nations: A Case Study in Risk Management for Rwandan Health Care. Int Conf Cyber Secur Prot Digit Serv Cyber Secur 2020. 2020 Jun 1; Georgiadou A, Mouzakitis S, Bounas K, Askounis D. A Cyber-Security Culture Framework for Assessing Organization Readiness. J Comput Inf Syst [Internet]. 2022 May 4;62(3):452–62. Available from: https://doi.org/10.1080/08874417.2020.1845583 Gioulekas F, Stamatiadis E, Tzikas A, Gounaris K, Georgiadou A, Michalitsi-Psarrou A, et al. A Cybersecurity Culture Survey Targeting Healthcare Critical Infrastructures. Healthc (Basel, Switzerland). 2022 Feb;10(2). Sari PK. Model Perilaku Keamanan Sistem Informasi Kesehatan dan Implikasinya dalam Pengembangan Roadmap Manajemen Keamanan Informasi pada Fasilitas Pelayanan Kesehatan di Indonesia. Universitas Indonesia; 2023. Parsons K, Calic D, Pattinson M, Butavicius M, McCormac A, Zwaans T. The Human Aspects of Information Security Questionnaire (HAIS-Q): Two further validation studies. Comput Secur. 2017 May 1;66:40–51. Egelman S, Peer E. Scaling the security wall : Developing a security behavior intentions scale (SeBIS). Conf Hum Factors Comput Syst - Proc [Internet]. 2015 Apr 18 [cited 2024 Oct 28];2015-April:2873–82. Available from: https://dl.acm.org/doi/10.1145/2702123.2702249 Hadlington L. Human factors in cybersecurity; examining the link between Internet addiction, impulsivity, attitudes towards cybersecurity, and risky cybersecurity behaviours. Heliyon. 2017 Jul 1;3(7):e00346. Ifinedo P, Akinnuwesi BA. Employees’ non-malicious, counterproductive computer security behaviors (CCSB) in Nigeria and Canada: An empirical and comparative analysis. IEEE Int Conf Adapt Sci Technol ICAST. 2015 Mar 25;2015-January. Hore K, Hoi Tan M, Kehoe A, Beegan A, Mason S, Al Mane N, et al. Cybersecurity and critical care staff: A mixed methods study. Int J Med Inform. 2024 May;185:105412. Nifakos S, Chandramouli K, Nikolaou CK, Papachristou P, Koch S, Panaousis E, et al. Influence of Human Factors on Cyber Security within Healthcare Organisations: A Systematic Review. Sensors (Basel). 2021 Jul;21(15). Ahouanmenou S, Van Looy A, Poels G. Information security and privacy in hospitals: a literature mapping and review of research gaps. Inform Health Soc Care. 2023 Jan;48(1):30–46. Jalali MS, Bruckes M, Westmattelmann D, Schewe G. Why Employees (Still) Click on Phishing Links: Investigation in Hospitals. J Med Internet Res. 2020 Jan;22(1):e16775. Hull M, Zhang-Kennedy L, Baig K, Chiasson S. Understanding individual differences: factors affecting secure computer behaviour. Behav Inf Technol [Internet]. 2022 Nov 18;41(15):3237–63. Available from: https://doi.org/10.1080/0144929X.2021.1977849 Freed D, Bazarova NN, Consolvo S, Han EJ, Kelley PG, Thomas K, et al. Understanding Digital-Safety Experiences of Youth in the U.S. In: Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems [Internet]. New York, NY, USA: Association for Computing Machinery; 2023. (CHI ’23). Available from: https://doi.org/10.1145/3544548.3581128 Nasrabadi AN, Norouzkhani N, Manookian A, Cheraghi MA, Mohammadi M, Izadidastenaei Z, et al. Safeguarding Patient Information as an Issue Faced by Nurses: A policy brief. Asia Pacific J Heal Manag [Internet]. 2024 Oct 20 [cited 2024 Nov 5];19(2). Available from: https://journal.achsm.org.au/index.php/achsm/article/view/3013 Argyridou E, Nifakos S, Laoudias C, Panda S, Panaousis E, Chandramouli K, et al. Cyber Hygiene Methodology for Raising Cybersecurity and Data Privacy Awareness in Health Care Organizations: Concept Study. J Med Internet Res. 2023 Jul;25:e41294. Luidold C, Jungbauer C. Cybersecurity policy framework requirements for the establishment of highly interoperable and interconnected health data spaces. Front Med. 2024;11:1379852. Additional Declarations No competing interests reported. Cite Share Download PDF Status: Posted Version 1 posted You are reading this latest preprint version Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {"props":{"pageProps":{"initialData":{"identity":"rs-5421169","acceptedTermsAndConditions":true,"allowDirectSubmit":true,"archivedVersions":[],"articleType":"Research Article","associatedPublications":[],"authors":[{"id":383941074,"identity":"e2899169-b67d-4a9b-80b0-dcce4be9e036","order_by":0,"name":"Irwandy Irwandy","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAA9ElEQVRIiWNgGAWjYJACCTDJzNz4gIHhAFTMgJkYLYzNBiRqYWBsk0BoYcCtxeD42YO3eRhsovnbGduqeWruyPEzMD98wFBgjVvLmbxkax6GtNwZhxnbbvMce2Ys2cBmbMBgkI5Ti9mBHDNpHobDuQ1gLWyHEzcc4GGTYDA4jFvL+TcgLf9z5wO1FPP8I0bLDbAtB3I3ALUw87YRocX+xhtjyzkMybkbDzM2S87tO2ws2Qz0SwIev0j25xjeeMNglzvv/OGDH958OyzHz9788MGHP7hDDASYeP9BGTwgEhQjCXg1AOPwBzpjFIyCUTAKRgEyAABydVIxSoZ1RQAAAABJRU5ErkJggg==","orcid":"","institution":"Hasanuddin University","correspondingAuthor":true,"prefix":"","firstName":"Irwandy","middleName":"","lastName":"Irwandy","suffix":""},{"id":383941075,"identity":"232b0918-4d74-49a2-9d51-997cb637290c","order_by":1,"name":"Adelia U. Ady Mangilep","email":"","orcid":"","institution":"Hasanuddin University","correspondingAuthor":false,"prefix":"","firstName":"Adelia","middleName":"U. Ady","lastName":"Mangilep","suffix":""},{"id":383941076,"identity":"05fc4832-9253-4571-af79-d5b5a813da10","order_by":2,"name":"Rini Anggraeni","email":"","orcid":"","institution":"Hasanuddin University","correspondingAuthor":false,"prefix":"","firstName":"Rini","middleName":"","lastName":"Anggraeni","suffix":""},{"id":383941077,"identity":"6e4a0d15-ef26-432a-a095-efb151c7c47c","order_by":3,"name":"Noer Bahry Noor","email":"","orcid":"","institution":"Hasanuddin University","correspondingAuthor":false,"prefix":"","firstName":"Noer","middleName":"Bahry","lastName":"Noor","suffix":""},{"id":383941079,"identity":"b5d749a4-37d3-47dc-aff3-172db062c13d","order_by":4,"name":"Andi Niartiningsih","email":"","orcid":"","institution":"Cokroaminoto University","correspondingAuthor":false,"prefix":"","firstName":"Andi","middleName":"","lastName":"Niartiningsih","suffix":""},{"id":383941082,"identity":"1e123dc0-a8fe-4cdb-aa84-4148f411e512","order_by":5,"name":"Nur Latifah","email":"","orcid":"","institution":"Hasanuddin University","correspondingAuthor":false,"prefix":"","firstName":"Nur","middleName":"","lastName":"Latifah","suffix":""}],"badges":[],"createdAt":"2024-11-09 09:53:17","currentVersionCode":1,"declarations":"","doi":"10.21203/rs.3.rs-5421169/v1","doiUrl":"https://doi.org/10.21203/rs.3.rs-5421169/v1","draftVersion":[],"editorialEvents":[],"editorialNote":"","failedWorkflow":false,"files":[{"id":71634209,"identity":"a06b7022-da98-456c-9ebb-8e007628c9bf","added_by":"auto","created_at":"2024-12-17 09:54:32","extension":"png","order_by":1,"title":"Figure 1","display":"","copyAsset":false,"role":"figure","size":16579,"visible":true,"origin":"","legend":"\u003cp\u003eCybersecurity Culture Across Demographic Variables: Gender, Age, and Profession\u003c/p\u003e","description":"","filename":"1.png","url":"https://assets-eu.researchsquare.com/files/rs-5421169/v1/823c72b734580c90837cac3b.png"},{"id":85252438,"identity":"62b1e9bf-90bd-498d-beea-ab1b79d95b01","added_by":"auto","created_at":"2025-06-24 01:46:46","extension":"pdf","order_by":0,"title":"","display":"","copyAsset":false,"role":"manuscript-pdf","size":737722,"visible":true,"origin":"","legend":"","description":"","filename":"manuscript.pdf","url":"https://assets-eu.researchsquare.com/files/rs-5421169/v1/d5438df6-8025-452a-9aa7-5ea16b6c715d.pdf"}],"financialInterests":"No competing interests reported.","formattedTitle":"Cybersecurity Culture Among Healthcare Workers in Indonesia: Knowledge Gaps, Demographic Influences, and Strategic Policy Solutions","fulltext":[{"header":"1. Introduction","content":"\u003cp\u003eThe healthcare sector increasingly becomes a prime target for cyberattacks due to its growing reliance on digital technologies and the sensitive nature of the data it handles. As healthcare systems rapidly undergo digital transformation, cyber threats pose significant risks not only to patient privacy but also to the overall functionality of healthcare services. Cybercriminals exploit both technological vulnerabilities and human factors, making the cybersecurity culture among healthcare workers a critical line of defense. However, despite the urgency of these threats, cybersecurity culture among healthcare professionals remains underdeveloped in many regions, particularly in Indonesia.\u003c/p\u003e \u003cp\u003eGlobally, cultivating a strong information security culture (ISC) is essential for safeguarding electronic Protected Health Information (ePHI). Countries with well-established cybersecurity infrastructures, such as the United States and parts of Europe, demonstrate fewer vulnerabilities through comprehensive training and leadership support. In contrast, Indonesia faces substantial challenges in fostering such a culture among healthcare workers. Research indicates that Indonesian medical personnel exhibit low cybersecurity awareness, with an ISC score of 2.588, significantly below international standards (\u003cspan citationid=\"CR1\" class=\"CitationRef\"\u003e1\u003c/span\u003e). These deficiencies expose patient data to risks and threaten the continuity of healthcare services.\u003c/p\u003e \u003cp\u003eIndonesia\u0026rsquo;s broader cybersecurity landscape reflects these concerns. In 2022, the country recorded nearly one billion traffic anomalies linked to potential cyberattacks, emphasizing the need for enhanced protective measures (\u003cspan citationid=\"CR2\" class=\"CitationRef\"\u003e2\u003c/span\u003e). Despite some progress, Indonesia ranks sixth in the Asia-Pacific region in cybersecurity readiness, highlighting critical gaps that leave healthcare systems vulnerable (\u003cspan citationid=\"CR1\" class=\"CitationRef\"\u003e1\u003c/span\u003e). Contributors to this weak cybersecurity culture include high stress levels among healthcare workers, inadequate training, and limited support from top management (\u003cspan citationid=\"CR3\" class=\"CitationRef\"\u003e3\u003c/span\u003e, \u003cspan citationid=\"CR4\" class=\"CitationRef\"\u003e4\u003c/span\u003e). Furthermore, variations in ISC across healthcare facilities suggest that inconsistent training and leadership significantly influence cybersecurity practices.\u003c/p\u003e \u003cp\u003eResearch reveals significant differences in cybersecurity culture among various healthcare professions. Nurses often demonstrate higher cybersecurity competence than physicians, while healthcare workers with more experience show better adherence to security protocols (\u003cspan citationid=\"CR5\" class=\"CitationRef\"\u003e5\u003c/span\u003e). Additionally, factors such as age and sex influence the adaptability and receptiveness to cybersecurity practices, impacting the overall security posture of healthcare organizations (\u003cspan citationid=\"CR6\" class=\"CitationRef\"\u003e6\u003c/span\u003e, \u003cspan citationid=\"CR7\" class=\"CitationRef\"\u003e7\u003c/span\u003e).\u003c/p\u003e \u003cp\u003eGiven these challenges, this study aims to assess the current state of cybersecurity culture among healthcare workers in Makassar, Indonesia. Specifically, it evaluates the cybersecurity awareness and practices of healthcare workers and explores the relationships between different healthcare professions, age, gender, and their levels of cybersecurity culture. By addressing these gaps, this research provides critical insights that inform the development of tailored training programs and policy interventions aimed at enhancing cybersecurity practices in Indonesian healthcare settings.\u003c/p\u003e \u003cp\u003eWhile focused on Makassar, the relevance of this study extends beyond Indonesia. Many countries, particularly in Southeast Asia, Africa, and Latin America, face similar challenges in establishing robust cybersecurity cultures within their healthcare systems due to limited resources and fragmented leadership (\u003cspan citationid=\"CR8\" class=\"CitationRef\"\u003e8\u003c/span\u003e, \u003cspan citationid=\"CR9\" class=\"CitationRef\"\u003e9\u003c/span\u003e). Therefore, the findings of this research contribute not only to Indonesia\u0026rsquo;s healthcare security but also to the global understanding of cybersecurity in emerging markets. By exploring how occupational roles influence cybersecurity behaviors, the study offers valuable insights that can be applied in other developing nations, supporting broader efforts to secure healthcare systems worldwide.\u003c/p\u003e \u003cp\u003eThis study provides original contributions to the global discourse on healthcare cybersecurity, offering a pathway to elevate security standards, protect sensitive patient data, and safeguard the integrity of healthcare systems in Indonesia and similar contexts globally. Through this research, we aim to lay the groundwork for enhanced cybersecurity training and practices, ultimately leading to a more resilient healthcare environment.\u003c/p\u003e"},{"header":"2. Methods","content":"\u003cp\u003eThe framework used to evaluate the cybersecurity culture among healthcare workers in this study was adapted from a methodology that classifies cybersecurity culture into two levels: individual and group (\u003cspan citationid=\"CR10\" class=\"CitationRef\"\u003e10\u003c/span\u003e). This research focused on the individual level, specifically targeting healthcare professionals.\u003c/p\u003e \u003cp\u003eTo examine cybersecurity culture from an individual perspective, we developed a modified research instrument to measure information security behavior, drawing from several previous studies (\u003cspan additionalcitationids=\"CR12 CR13 CR14 CR15\" citationid=\"CR11\" class=\"CitationRef\"\u003e11\u003c/span\u003e\u0026ndash;\u003cspan citationid=\"CR16\" class=\"CitationRef\"\u003e16\u003c/span\u003e). The instrument included three main components: Knowledge, Attitudes, and Practices.\u003c/p\u003e \u003cp\u003eTabel 1. Questionnaire items and references.\u003c/p\u003e \u003cp\u003e \u003cdiv class=\"gridtable\"\u003e\u003ctable float=\"No\" id=\"Taba\" border=\"1\"\u003e \u003ccolgroup cols=\"2\"\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c1\" colnum=\"1\"\u003e\u003c/div\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c2\" colnum=\"2\"\u003e\u003c/div\u003e \u003cthead\u003e \u003ctr\u003e \u003cth align=\"left\" colname=\"c1\"\u003e \u003cp\u003eItems\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c2\"\u003e \u003cp\u003eReferences\u003c/p\u003e \u003c/th\u003e \u003c/tr\u003e \u003ctr\u003e \u003cth align=\"left\" colname=\"c1\"\u003e \u003cp\u003eA. Knowledge\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c2\"\u003e\u0026nbsp;\u003c/th\u003e \u003c/tr\u003e \u003c/thead\u003e \u003ctbody\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e1. Does the hospital where you work have a hospital cybersecurity policy?\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003e(\u003cspan citationid=\"CR11\" class=\"CitationRef\"\u003e11\u003c/span\u003e)\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e2. Do you know when your computer is hacked or infected and who to contact when that happens?\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003e(\u003cspan additionalcitationids=\"CR12\" citationid=\"CR11\" class=\"CitationRef\"\u003e11\u003c/span\u003e\u0026ndash;\u003cspan citationid=\"CR13\" class=\"CitationRef\"\u003e13\u003c/span\u003e)\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e3. Do you know what email fraud is and how to identify it?\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003e(\u003cspan citationid=\"CR11\" class=\"CitationRef\"\u003e11\u003c/span\u003e)\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e4. Are you aware and trained regarding cyber security in hospitals?\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003e(\u003cspan citationid=\"CR11\" class=\"CitationRef\"\u003e11\u003c/span\u003e)\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e5. Do you know what a social engineering attack is?\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003e(\u003cspan citationid=\"CR11\" class=\"CitationRef\"\u003e11\u003c/span\u003e)\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eB. \u003cb\u003eAttitudes\u003c/b\u003e\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e\u0026nbsp;\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e6. My computer is of no value to hackers and hackers are not targeting me\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003e(\u003cspan citationid=\"CR11\" class=\"CitationRef\"\u003e11\u003c/span\u003e)\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e7. Following the safety policies in the hospital helps me to do my job better\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003e(\u003cspan citationid=\"CR11\" class=\"CitationRef\"\u003e11\u003c/span\u003e)\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e8. I am confident that I can recognize a security problem or incident if I see one.\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003e(\u003cspan citationid=\"CR11\" class=\"CitationRef\"\u003e11\u003c/span\u003e)\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eC. \u003cb\u003ePractices\u003c/b\u003e\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003e(\u003cspan citationid=\"CR11\" class=\"CitationRef\"\u003e11\u003c/span\u003e)\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e9. Is an antivirus currently installed on your computer?\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003e(\u003cspan citationid=\"CR11\" class=\"CitationRef\"\u003e11\u003c/span\u003e)\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e10. How careful are you when opening attachments in emails?\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003e(\u003cspan additionalcitationids=\"CR12\" citationid=\"CR11\" class=\"CitationRef\"\u003e11\u003c/span\u003e\u0026ndash;\u003cspan citationid=\"CR13\" class=\"CitationRef\"\u003e13\u003c/span\u003e)\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e11. Do you use your personal devices, such as mobile phones, flash drives or CD/DVDs to store or transfer confidential hospital information?\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003e(\u003cspan citationid=\"CR11\" class=\"CitationRef\"\u003e11\u003c/span\u003e, \u003cspan citationid=\"CR12\" class=\"CitationRef\"\u003e12\u003c/span\u003e, \u003cspan citationid=\"CR15\" class=\"CitationRef\"\u003e15\u003c/span\u003e, \u003cspan citationid=\"CR16\" class=\"CitationRef\"\u003e16\u003c/span\u003e)\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e12. Do you download and install software on your computer at the hospital?\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003e(\u003cspan additionalcitationids=\"CR12\" citationid=\"CR11\" class=\"CitationRef\"\u003e11\u003c/span\u003e\u0026ndash;\u003cspan citationid=\"CR13\" class=\"CitationRef\"\u003e13\u003c/span\u003e, \u003cspan additionalcitationids=\"CR16\" citationid=\"CR15\" class=\"CitationRef\"\u003e15\u003c/span\u003e\u0026ndash;\u003cspan citationid=\"CR17\" class=\"CitationRef\"\u003e17\u003c/span\u003e)\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e13. Do you lock your computer when you leave the hospital even for a moment?\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003e(\u003cspan additionalcitationids=\"CR12 CR13\" citationid=\"CR11\" class=\"CitationRef\"\u003e11\u003c/span\u003e\u0026ndash;\u003cspan citationid=\"CR14\" class=\"CitationRef\"\u003e14\u003c/span\u003e)\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e14. Do you give your password to your coworkers or manager when asked?\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003e(\u003cspan additionalcitationids=\"CR12\" citationid=\"CR11\" class=\"CitationRef\"\u003e11\u003c/span\u003e\u0026ndash;\u003cspan citationid=\"CR13\" class=\"CitationRef\"\u003e13\u003c/span\u003e, \u003cspan citationid=\"CR15\" class=\"CitationRef\"\u003e15\u003c/span\u003e, \u003cspan citationid=\"CR16\" class=\"CitationRef\"\u003e16\u003c/span\u003e)\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003c/tbody\u003e \u003c/colgroup\u003e \u003c/table\u003e\u003c/div\u003e \u003c/p\u003e \u003cp\u003eThe study targeted healthcare workers in three provincial government hospitals in South Sulawesi, Indonesia. A convenience sampling method was employed to recruit participants, which included all healthcare professionals who had authorized access to patients' electronic medical records. In total, 577 respondents participated in the study. The questionnaire comprised sections on demographics (age, sex, and healthcare profession) and cybersecurity behaviors (knowledge, attitudes, and practices). A total of 14 items were developed to assess these aspects, with references to existing literature for validation. To ensure better comprehension, the questionnaire was translated from English to Indonesian, addressing potential language barriers. After data collection, responses were translated back into English to ensure consistency and accuracy.\u003c/p\u003e \u003cp\u003eThe survey was conducted between February 2024 and November 2024. Participation was voluntary, and each respondent provided informed consent prior to completing the survey. There was no time limit for completing the questionnaire, and participants were not offered any compensation or incentives. To examine the relationship between demographic variables (age, sex, healthcare profession types) and cybersecurity culture, a chi-square test was employed for data analysis. This statistical method was chosen to determine if there were significant associations between categorical variables.\u003c/p\u003e \u003cp\u003eTo ensure the validity and reliability of the instrument, we conducted a pilot study prior to the main data collection phase. Feedback from healthcare professionals was used to refine the questionnaire items. Additionally, we calculated Cronbach's alpha to assess the internal consistency of the scales used in the study.\u003c/p\u003e \u003cp\u003eThe study assumed that all respondents would provide honest and accurate responses regarding their knowledge, attitudes, and practices related to cybersecurity. It also assumed that the sample would be representative of the broader population of healthcare workers in the region.\u003c/p\u003e"},{"header":"3. Results","content":"\u003cp\u003eThe Table \u003cspan refid=\"Tab1\" class=\"InternalRef\"\u003e2\u003c/span\u003e presents the results of the survey conducted to assess the knowledge, attitudes, and practices related to cybersecurity among healthcare workers at three hospitals in Makassar, Indonesia. The data presented in this table highlight key areas that require further attention, particularly concerning knowledge and attitudes toward cybersecurity threats, as well as practices that remain suboptimal within the healthcare workforce.\u003c/p\u003e \u003cp\u003e \u003cdiv class=\"gridtable\"\u003e\u003ctable float=\"Yes\" id=\"Tab1\" border=\"1\"\u003e \u003ccaption language=\"En\"\u003e \u003cdiv class=\"CaptionNumber\"\u003eTable 2\u003c/div\u003e \u003cdiv class=\"CaptionContent\"\u003e \u003cp\u003eSurvey Results on Knowledge, Attitudes, and Practices Regarding Cybersecurity Among Healthcare Workers\u003c/p\u003e \u003c/div\u003e \u003c/caption\u003e \u003ccolgroup cols=\"8\"\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c1\" colnum=\"1\"\u003e\u003c/div\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c2\" colnum=\"2\"\u003e\u003c/div\u003e \u003cdiv align=\"char\" char=\".\" class=\"colspec\" colname=\"c3\" colnum=\"3\"\u003e\u003c/div\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c4\" colnum=\"4\"\u003e\u003c/div\u003e \u003cdiv align=\"char\" char=\".\" class=\"colspec\" colname=\"c5\" colnum=\"5\"\u003e\u003c/div\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c6\" colnum=\"6\"\u003e\u003c/div\u003e \u003cdiv align=\"char\" char=\".\" class=\"colspec\" colname=\"c7\" colnum=\"7\"\u003e\u003c/div\u003e \u003cdiv align=\"char\" char=\".\" class=\"colspec\" colname=\"c8\" colnum=\"8\"\u003e\u003c/div\u003e \u003cthead\u003e \u003ctr\u003e \u003cth align=\"left\" colname=\"c1\" morerows=\"1\" rowspan=\"2\"\u003e \u003cp\u003eNo\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c2\" morerows=\"1\" rowspan=\"2\"\u003e \u003cp\u003eItems\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colspan=\"2\" nameend=\"c4\" namest=\"c3\"\u003e \u003cp\u003eYes\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colspan=\"2\" nameend=\"c6\" namest=\"c5\"\u003e \u003cp\u003eNo\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colspan=\"2\" nameend=\"c8\" namest=\"c7\"\u003e \u003cp\u003eTotal\u003c/p\u003e \u003c/th\u003e \u003c/tr\u003e \u003ctr\u003e \u003cth align=\"left\" colname=\"c3\"\u003e \u003cp\u003en\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c4\"\u003e \u003cp\u003e%\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c5\"\u003e \u003cp\u003en\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c6\"\u003e \u003cp\u003e%\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c7\"\u003e \u003cp\u003en\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c8\"\u003e \u003cp\u003e%\u003c/p\u003e \u003c/th\u003e \u003c/tr\u003e \u003ctr\u003e \u003cth align=\"left\" colname=\"c1\"\u003e \u003cp\u003eA.\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c2\"\u003e \u003cp\u003eKnowledge\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c3\"\u003e\u0026nbsp;\u003c/th\u003e \u003cth align=\"left\" colname=\"c4\"\u003e\u0026nbsp;\u003c/th\u003e \u003cth align=\"left\" colname=\"c5\"\u003e\u0026nbsp;\u003c/th\u003e \u003cth align=\"left\" colname=\"c6\"\u003e\u0026nbsp;\u003c/th\u003e \u003cth align=\"left\" colname=\"c7\"\u003e\u0026nbsp;\u003c/th\u003e \u003cth align=\"left\" colname=\"c8\"\u003e\u0026nbsp;\u003c/th\u003e \u003c/tr\u003e \u003c/thead\u003e \u003ctbody\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e1\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eHospital has a cybersecurity policy\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c3\"\u003e \u003cp\u003e220\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003e38.3\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c5\"\u003e \u003cp\u003e354\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c6\"\u003e \u003cp\u003e61,7\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c7\"\u003e \u003cp\u003e574\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c8\"\u003e \u003cp\u003e100\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e2\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eKnow when computer is hacked or infected and who to contact\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c3\"\u003e \u003cp\u003e126\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003e22\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c5\"\u003e \u003cp\u003e448\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c6\"\u003e \u003cp\u003e78\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c7\"\u003e \u003cp\u003e574\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c8\"\u003e \u003cp\u003e100\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e3\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eKnow what email fraud is and how to identify it\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c3\"\u003e \u003cp\u003e198\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003e34.5\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c5\"\u003e \u003cp\u003e376\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c6\"\u003e \u003cp\u003e65.5\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c7\"\u003e \u003cp\u003e574\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c8\"\u003e \u003cp\u003e100\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e4\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eAware and trained regarding cyber security in hospitals\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c3\"\u003e \u003cp\u003e259\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003e45.1\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c5\"\u003e \u003cp\u003e315\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c6\"\u003e \u003cp\u003e54.9\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c7\"\u003e \u003cp\u003e574\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c8\"\u003e \u003cp\u003e100\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e5\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eKnow what a social engineering attack is\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c3\"\u003e \u003cp\u003e232\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003e40.4\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c5\"\u003e \u003cp\u003e342\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c6\"\u003e \u003cp\u003e59.6\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c7\"\u003e \u003cp\u003e574\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c8\"\u003e \u003cp\u003e100\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e\u003cb\u003eB.\u003c/b\u003e\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003e\u003cb\u003eAttitudes\u003c/b\u003e\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e\u0026nbsp;\u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e\u0026nbsp;\u003c/td\u003e \u003ctd align=\"left\" colname=\"c5\"\u003e\u0026nbsp;\u003c/td\u003e \u003ctd align=\"left\" colname=\"c6\"\u003e\u0026nbsp;\u003c/td\u003e \u003ctd align=\"left\" colname=\"c7\"\u003e\u0026nbsp;\u003c/td\u003e \u003ctd align=\"left\" colname=\"c8\"\u003e\u0026nbsp;\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e6\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eMy computer is of no value to hackers and hackers are not targeting me\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c3\"\u003e \u003cp\u003e283\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003e49.3\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c5\"\u003e \u003cp\u003e291\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c6\"\u003e \u003cp\u003e50.7\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c7\"\u003e \u003cp\u003e574\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c8\"\u003e \u003cp\u003e100\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e7\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eFollowing the safety policies in the hospital helps me to do my job better\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c3\"\u003e \u003cp\u003e574\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003e100\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c5\"\u003e \u003cp\u003e0\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c6\"\u003e \u003cp\u003e0\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c7\"\u003e \u003cp\u003e574\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c8\"\u003e \u003cp\u003e100\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e8\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eCan recognize a security problem or incident.\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c3\"\u003e \u003cp\u003e363\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003e63.2\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c5\"\u003e \u003cp\u003e211\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c6\"\u003e \u003cp\u003e36.8\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c7\"\u003e \u003cp\u003e574\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c8\"\u003e \u003cp\u003e100\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e\u003cb\u003eC.\u003c/b\u003e\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003e\u003cb\u003ePractices\u003c/b\u003e\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e\u0026nbsp;\u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e\u0026nbsp;\u003c/td\u003e \u003ctd align=\"left\" colname=\"c5\"\u003e\u0026nbsp;\u003c/td\u003e \u003ctd align=\"left\" colname=\"c6\"\u003e\u0026nbsp;\u003c/td\u003e \u003ctd align=\"left\" colname=\"c7\"\u003e\u0026nbsp;\u003c/td\u003e \u003ctd align=\"left\" colname=\"c8\"\u003e\u0026nbsp;\u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e9\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eAntivirus currently installed on computer\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c3\"\u003e \u003cp\u003e366\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003e63.8\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c5\"\u003e \u003cp\u003e208\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c6\"\u003e \u003cp\u003e36.2\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c7\"\u003e \u003cp\u003e574\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c8\"\u003e \u003cp\u003e100\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e10\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eCareful when opening attachments in emails\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c3\"\u003e \u003cp\u003e513\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003e89.4\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c5\"\u003e \u003cp\u003e61\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c6\"\u003e \u003cp\u003e10.6\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c7\"\u003e \u003cp\u003e574\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c8\"\u003e \u003cp\u003e100\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e11\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eUse personal devices, such as mobile phones, flash drives or CD/DVDs to store or transfer confidential hospital information\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c3\"\u003e \u003cp\u003e414\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003e72.1\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c5\"\u003e \u003cp\u003e160\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c6\"\u003e \u003cp\u003e27.9\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c7\"\u003e \u003cp\u003e574\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c8\"\u003e \u003cp\u003e100\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e12\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eDownload and install software on computer hospital\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c3\"\u003e \u003cp\u003e171\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003e29.8\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c5\"\u003e \u003cp\u003e403\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c6\"\u003e \u003cp\u003e70.2\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c7\"\u003e \u003cp\u003e574\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c8\"\u003e \u003cp\u003e100\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e13\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eLock the computer when leave the hospital\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c3\"\u003e \u003cp\u003e331\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003e57.7\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c5\"\u003e \u003cp\u003e243\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c6\"\u003e \u003cp\u003e42.3\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c7\"\u003e \u003cp\u003e574\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c8\"\u003e \u003cp\u003e100\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e14\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eGave password to coworkers or manager when asked\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c3\"\u003e \u003cp\u003e226\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003e39.4\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c5\"\u003e \u003cp\u003e348\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c6\"\u003e \u003cp\u003e60\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c7\"\u003e \u003cp\u003e574\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c8\"\u003e \u003cp\u003e100\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003c/tbody\u003e \u003c/colgroup\u003e \u003c/table\u003e\u003c/div\u003e \u003c/p\u003e \u003cdiv id=\"Sec4\" class=\"Section2\"\u003e \u003ch2\u003e3.1. Knowledge of Cybersecurity\u003c/h2\u003e \u003cp\u003eThe results regarding healthcare workers' knowledge of cybersecurity showed significant gaps in understanding critical concepts. One of the most concerning findings was the low level of awareness surrounding the existence of formal hospital cybersecurity policies. While 38.3% of respondents reported that their hospital had a cybersecurity policy, the majority (61.7%) were unaware of such policies, which highlights a potential vulnerability in hospital-wide cybersecurity initiatives.\u003c/p\u003e \u003cp\u003eAdditionally, a substantial proportion of healthcare workers lacked basic knowledge of how to identify and respond to cyberattacks. Only 22% of participants knew when their computer had been hacked or infected and understood who to contact in such situations. This indicates a considerable gap in cybersecurity preparedness, particularly in how healthcare workers should react to security breaches. This is concerning given that timely responses are critical in minimizing damage from cyberattacks.\u003c/p\u003e \u003cp\u003eAnother area of concern was the understanding of email fraud. Despite the prevalence of phishing attacks in the healthcare sector, over 65% of respondents did not know how to identify email fraud. This indicates a lack of training or awareness about one of the most common vectors for cyberattacks in healthcare.\u003c/p\u003e \u003cp\u003eFinally, while 45.1% of healthcare workers reported being aware of cybersecurity training within their hospitals, the remaining 54.9% had not received such training. This disparity underscores the importance of widespread and consistent cybersecurity education across healthcare organizations, as training is a key factor in improving cybersecurity awareness and practices.\u003c/p\u003e \u003c/div\u003e \u003cdiv id=\"Sec5\" class=\"Section2\"\u003e \u003ch2\u003e3.2. Attitudes Toward Cybersecurity\u003c/h2\u003e \u003cp\u003eThe attitudes of healthcare workers toward cybersecurity revealed mixed perceptions regarding the importance of securing sensitive information. Notably, 49.3% of respondents believed their computers were of no value to hackers, suggesting a dangerous underestimation of the risks faced by healthcare institutions. This perception can contribute to complacency, making workers less likely to follow cybersecurity protocols or take necessary precautions, thus increasing the overall vulnerability of the healthcare system.\u003c/p\u003e \u003cp\u003eHowever, despite the lack of perceived personal risk, there was a high level of agreement on the importance of following safety policies. 100% of respondents indicated that adhering to hospital safety protocols helped them perform their job better, demonstrating a strong belief in the value of institutional security measures. This suggests that while workers may not perceive immediate threats to their own systems, they acknowledge the broader importance of cybersecurity within the organizational context.\u003c/p\u003e \u003cp\u003eFurthermore, a majority (63.2%) felt confident in their ability to recognize security problems or incidents. This is an encouraging sign, as awareness and self-efficacy are crucial components of a strong cybersecurity culture. However, the remaining 36.8% expressed uncertainty, which suggests that there may still be a need for further training to ensure all workers can identify and appropriately respond to security incidents.\u003c/p\u003e \u003c/div\u003e \u003cdiv id=\"Sec6\" class=\"Section2\"\u003e \u003ch2\u003e3.3. Cybersecurity Practices\u003c/h2\u003e \u003cp\u003eWhen examining the actual cybersecurity practices of healthcare workers, the results showed a more positive picture in certain areas, but also highlighted areas of concern. For instance, 63.8% of participants reported having antivirus software installed on their work computers. This suggests a reasonable level of proactive protection against cyber threats. However, the remaining 36.2% of respondents did not use antivirus software, which is alarming given the widespread risks posed by malware and other cyber threats.\u003c/p\u003e \u003cp\u003eA particularly encouraging finding was the high level of caution shown when opening email attachments. A substantial majority (89.4%) of healthcare workers reported being careful when handling email attachments, which is one of the most common entry points for malicious software. This indicates a relatively strong awareness of basic email security practices among the workforce.\u003c/p\u003e \u003cp\u003eHowever, a more troubling practice was the use of personal devices for storing or transferring confidential hospital information. Over 72% of respondents admitted to using personal devices, such as mobile phones, flash drives, or CDs/DVDs, for these purposes. This practice presents a significant risk, as personal devices may not have the same level of security as hospital-provided equipment and can serve as potential entry points for cybercriminals.\u003c/p\u003e \u003cp\u003eMoreover, a significant proportion of healthcare workers (70.2%) reported downloading and installing unauthorized software on hospital computers. This behavior directly contradicts basic cybersecurity protocols, which emphasize restricting the installation of unauthorized applications to prevent the introduction of malware or vulnerabilities into the hospital network.\u003c/p\u003e \u003cp\u003eThe findings also indicated a mixed adherence to practices such as locking computers when leaving the workplace. While 57.7% of respondents reported locking their computers, 42.3% did not follow this simple yet effective security measure. This inconsistency may result in unauthorized access to sensitive information when healthcare workers are not present at their computers.\u003c/p\u003e \u003cp\u003eLastly, the issue of password sharing raised significant concerns. Although the majority (60%) refrained from sharing passwords, nearly 40% of healthcare workers admitted to providing their passwords to colleagues or managers when asked. This practice increases the risk of unauthorized access to sensitive systems and data and is a clear breach of basic cybersecurity protocols.\u003c/p\u003e \u003c/div\u003e \u003cdiv id=\"Sec7\" class=\"Section2\"\u003e \u003ch2\u003e3.4. Relationship Between Gender, Age, and Profession with Cybersecurity Culture\u003c/h2\u003e \u003cp\u003eIn this study, we also explored the relationship between demographic factors\u0026mdash;such as gender, age, and profession\u0026mdash;and the cybersecurity culture among healthcare workers.\u003c/p\u003e \u003cdiv id=\"Sec8\" class=\"Section3\"\u003e \u003ch2\u003e3.4.1. Gender and Cybersecurity Culture\u003c/h2\u003e \u003cp\u003eAs shown in Fig.\u0026nbsp;\u003cspan refid=\"Fig1\" class=\"InternalRef\"\u003e1\u003c/span\u003e, male healthcare workers demonstrated a higher level of cybersecurity culture compared to female healthcare workers. Specifically, 60.9% of male respondents exhibited positive cybersecurity culture, while only 54.1% of female respondents did so. Despite this difference, statistical analysis revealed no significant relationship between gender and cybersecurity culture, with a p-value of 0.286. This suggests that while gender differences were observed in cybersecurity culture, they were not statistically significant in this sample, implying that factors other than gender may play a more decisive role in shaping cybersecurity behavior among healthcare workers.\u003c/p\u003e \u003c/div\u003e \u003cdiv id=\"Sec9\" class=\"Section3\"\u003e \u003ch2\u003e3.4.2. Age and Cybersecurity Culture\u003c/h2\u003e \u003cp\u003eFigure \u003cspan refid=\"Fig1\" class=\"InternalRef\"\u003e1\u003c/span\u003e also illustrates a notable trend in the relationship between age and cybersecurity culture. Healthcare workers aged 21\u0026ndash;30 years demonstrated the highest level of cybersecurity culture, with 65.2% falling into the positive cybersecurity culture category. In contrast, older age groups tended to show lower levels of cybersecurity culture, although the decline was not entirely linear. The statistical analysis revealed a significant relationship between age and cybersecurity culture, with a p-value of 0.043. This suggests that younger healthcare workers may have better awareness and adherence to cybersecurity practices, potentially due to greater exposure to digital technologies and more recent training in cybersecurity topics.\u003c/p\u003e \u003cp\u003e \u003c/p\u003e \u003c/div\u003e \u003cdiv id=\"Sec10\" class=\"Section3\"\u003e \u003ch2\u003e3.4.3. Profession and Cybersecurity Culture\u003c/h2\u003e \u003cp\u003eLastly, when examining the influence of profession on cybersecurity culture, the results indicated significant differences across different healthcare roles. Nurses exhibited the strongest cybersecurity culture, with 59.8% reporting positive cybersecurity practices. This was followed by other healthcare workers (47.3%), and physicians had the lowest percentage of positive cybersecurity culture, at only 37.2%. Statistical analysis confirmed a significant association between profession and cybersecurity culture, with a p-value of 0.002. This suggests that healthcare professionals' roles may influence their awareness, attitudes, and behaviors related to cybersecurity. Nurses, for example, may receive more targeted training or have more direct engagement with day-to-day cybersecurity practices, while physicians may be less involved in the technical aspects of security.\u003c/p\u003e \u003c/div\u003e \u003c/div\u003e"},{"header":"4. Discussion","content":"\u003cp\u003eThe findings of this study offer valuable insights into the current state of cybersecurity culture among healthcare workers in Makassar, Indonesia, revealing significant gaps in knowledge, attitudes, and behaviors that pose risks to patient data security and the integrity of healthcare services. One of the most notable results is the widespread lack of awareness among healthcare workers regarding essential cybersecurity concepts, including the existence of formal cybersecurity policies within their hospitals. In fact, 61.7% of respondents reported being unaware of any cybersecurity policies in place, underscoring a critical vulnerability in healthcare systems. Without awareness of institutional cybersecurity guidelines, healthcare workers may inadvertently bypass security protocols, increasing the potential for security breaches and compromising sensitive patient information.\u003c/p\u003e \u003cp\u003eFurther compounding the issue is the limited understanding of common cybersecurity threats. A significant number of healthcare workers were unfamiliar with how to identify or respond to prevalent cyber risks, such as email fraud (65.5%) and social engineering attacks (59.6%). This lack of preparedness is particularly concerning given the healthcare sector\u0026rsquo;s vulnerability to cyberattacks, as studies have shown that phishing remains one of the most common attack vectors within this field (\u003cspan additionalcitationids=\"CR19\" citationid=\"CR18\" class=\"CitationRef\"\u003e18\u003c/span\u003e\u0026ndash;\u003cspan citationid=\"CR20\" class=\"CitationRef\"\u003e20\u003c/span\u003e). These findings highlight the urgent need for comprehensive cybersecurity training programs and continuous awareness campaigns, as only 45.1% of respondents reported having received any formal training in cybersecurity within their respective hospitals.\u003c/p\u003e \u003cp\u003eDespite these gaps in knowledge, the attitudes toward cybersecurity were more favorable. Nearly all respondents (100%) acknowledged the importance of adhering to safety policies, with 63.2% expressing confidence in identifying security risks. However, there was a clear disconnect between these positive attitudes and actual cybersecurity practices. For example, although the majority of respondents (89.4%) reported being careful when handling email attachments, risky behaviors such as using personal devices for transferring hospital data (72.1%) and downloading unauthorized software (70.2%) remained prevalent. These discrepancies suggest that, while healthcare workers may recognize the value of cybersecurity, their actual behavior does not consistently align with best practices, which undermines the overall security posture of healthcare institutions.\u003c/p\u003e \u003cp\u003eDemographic factors such as gender, age, and professional role were found to influence cybersecurity culture. Male healthcare workers exhibited a higher level of cybersecurity awareness, with 60.9% of them showing a positive cybersecurity culture compared to 54.1% of female healthcare workers. However, statistical analysis revealed no significant correlation between gender and cybersecurity culture, with a p-value of 0.286. In contrast, younger healthcare workers (aged 21\u0026ndash;30) demonstrated better cybersecurity awareness, with 65.2% exhibiting positive cybersecurity culture. Older workers, while still recognizing the importance of cybersecurity, generally showed lower levels of awareness. This result is consistent with previous studies suggesting that younger, more tech-savvy individuals tend to be more adept at adopting secure digital practices (\u003cspan citationid=\"CR21\" class=\"CitationRef\"\u003e21\u003c/span\u003e, \u003cspan citationid=\"CR22\" class=\"CitationRef\"\u003e22\u003c/span\u003e). Additionally, the study found a significant relationship between profession and cybersecurity culture. Nurses displayed the highest level of cybersecurity awareness (59.8%), followed by other healthcare workers (47.3%), and physicians (37.2%). The difference between these groups is likely due to the varying levels of direct interaction with digital systems that store sensitive patient data. As frontline healthcare providers, nurses may be more attuned to the necessity of cybersecurity measures to protect patient data (\u003cspan citationid=\"CR5\" class=\"CitationRef\"\u003e5\u003c/span\u003e, \u003cspan citationid=\"CR23\" class=\"CitationRef\"\u003e23\u003c/span\u003e). Physicians, on the other hand, may have less exposure to the digital systems, potentially explaining their lower cybersecurity awareness.\u003c/p\u003e \u003cp\u003eConsidering these findings, improving cybersecurity culture in healthcare requires urgent attention. The study suggests several key interventions, including more comprehensive training programs, the implementation of clear and enforceable cybersecurity policies, and the promotion of a culture of security at all levels of healthcare organizations. These recommendations align with findings from previous studies, which emphasize the importance of comprehensive training to raise awareness and improve cybersecurity practices among healthcare staff, who are often the weakest link in cybersecurity defenses (\u003cspan citationid=\"CR24\" class=\"CitationRef\"\u003e24\u003c/span\u003e). Online training modules are a foundational method for delivering cybersecurity education. They provide a basic understanding of IT security and privacy concepts, which is essential for preventing potential breaches. A study found that 80.9% of healthcare staff completed online IT training, with 57.5% perceiving it as effective (\u003cspan citationid=\"CR25\" class=\"CitationRef\"\u003e25\u003c/span\u003e). These modules should be an integral part of continuing education for healthcare staff to protect patient information.\u003c/p\u003e \u003cp\u003eNext, clear policies play a crucial role in enhancing cybersecurity culture within healthcare by establishing a structured framework that guides the protection of sensitive health information. These policies help in defining roles, responsibilities, and procedures, thereby fostering a culture of security awareness and compliance among healthcare professionals. Policies ensure compliance with regulatory standards and foster a culture of accountability among healthcare providers (\u003cspan citationid=\"CR25\" class=\"CitationRef\"\u003e25\u003c/span\u003e). Policymakers and healthcare administrators must prioritize the development of robust cybersecurity education programs for all healthcare workers, regardless of their role, to ensure they are well-equipped to recognize, prevent, and respond to cyber threats effectively.\u003c/p\u003e \u003cp\u003eFurthermore, the study highlights the need for stronger leadership in fostering a culture of cybersecurity within healthcare institutions, which will require not only training and policy development but also active participation from healthcare workers in maintaining a secure digital environment. Transformational leadership, which emphasizes creating a shared vision and fostering collaboration, is particularly effective in this context. This style encourages healthcare workers to engage actively in cybersecurity practices by promoting a culture of trust and collaboration, which is essential for addressing the human factors in cybersecurity vulnerabilities (\u003cspan citationid=\"CR25\" class=\"CitationRef\"\u003e25\u003c/span\u003e).\u003c/p\u003e \u003cp\u003eThe broader implications of this study extend beyond Indonesia and could inform cybersecurity initiatives in other developing countries facing similar challenges in healthcare. The demographic differences observed in cybersecurity culture\u0026mdash;particularly the greater awareness among younger workers and nurses\u0026mdash;suggest that targeted interventions based on age and professional role could be more effective than generalized approaches. Tailoring cybersecurity education and policies to specific groups could increase the likelihood of successful implementation and greater adherence to cybersecurity practices.\u003c/p\u003e \u003cp\u003eIn conclusion, this study underscores the critical need to strengthen cybersecurity culture within healthcare institutions, particularly in developing countries where digital transformation is occurring rapidly but cybersecurity preparedness lags behind. The findings suggest that gaps in knowledge, attitudes, and practices must be addressed through targeted training programs, clearer policies, and stronger enforcement mechanisms. As healthcare systems continue to digitize, it is vital that cybersecurity becomes an integral part of the organizational culture, involving all healthcare workers in safeguarding patient data and ensuring the integrity of healthcare services. Future research, particularly longitudinal and qualitative studies, will be essential to gain deeper insights into the factors influencing cybersecurity behaviors and to evaluate the effectiveness of interventions aimed at improving cybersecurity culture across different healthcare settings.\u003c/p\u003e \u003cp\u003eStudy Limitations\u003c/p\u003e \u003cp\u003eThe study\u0026rsquo;s methodology, though robust, has certain limitations. The cross-sectional design restricts causal inference, and while the sample was relatively large, it was limited to three hospitals in Makassar, which may affect the generalizability of findings to the broader Indonesian healthcare workforce. Future studies should aim to increase sample diversity across Indonesian healthcare settings to enhance representativeness, and longitudinal research could offer insights into how cybersecurity culture evolves over time, evaluating the effectiveness of training and policy interventions. Despite these limitations, the study contributes significantly to the field with its large sample size of 574 healthcare workers, providing a reliable basis for examining cybersecurity culture in this region. The use of quantitative survey tools enabled clear, replicable findings, while statistical analysis provided deeper insight into demographic factors influencing cybersecurity culture, including age, gender, and professional roles. These insights are vital for developing targeted interventions to enhance cybersecurity practices within healthcare organizations.\u003c/p\u003e"},{"header":"5. Conclusion","content":"\u003cp\u003eWhile healthcare workers generally recognize the importance of cybersecurity, many lack awareness of essential concepts such as hospital cybersecurity policies and how to identify and respond to cyber threats. Demographic factors such as age and profession influence cybersecurity awareness, with younger workers and nurses demonstrating stronger cybersecurity practices. The study highlights the urgent need for comprehensive cybersecurity training, clear policies, and stronger leadership to foster a culture of security in healthcare organizations. Despite its limitations, including a cross-sectional design and a sample limited to three hospitals, the study contributes valuable empirical data that can inform targeted interventions aimed at strengthening cybersecurity culture in healthcare settings, particularly in emerging markets like Indonesia. Future research should focus on expanding the sample size, conducting longitudinal studies, and exploring the qualitative aspects of cybersecurity behavior to gain a deeper understanding of the factors influencing security practices in healthcare.\u003c/p\u003e"},{"header":"Declarations","content":"\u003cp\u003e\u003cstrong\u003eAcknowledgements\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eWe would like to acknowledge the following organizations for providing permit to participate in the study: Haji Hospital of South Sulawesi Province, Labuang Baji Hospital of South Sulawesi Province, and Sayang Rakyat Hospital of South Sulawesi Province. The authors would also like to thank the Institute for Research and Community Service, Hasanuddin University for Partnership initiative for this research.\u0026nbsp;\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eAuthors\u0026rsquo; contributions\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eI.I and A.M. conceptualized the study. I.I and A.M developed the study methodology. I.I; A.M; R.A; N.B; A.N and N.L did the data curation. I.I and N.L. wrote the manuscript. All authors reviewed and edited the manuscript.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFunding\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe research was funded by\u0026nbsp;Institute for Research and Community Service, Hasanuddin University. The funder had no role in the study design, data collection and analysis, decision to publish or the preparation of the manuscript.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eAvailability of data and materials\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eAll data analyzed in the study is available upon written request from the corresponding author.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eEthics approval and consent to participate\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eEthical approval for this study was obtained from the Health Research Ethics Committee of Universitas Hasanuddin (979/UN4.14.1/TP.01.02/2024). All key stakeholders signed an informed consent form prior to participating in the study.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eConsent for publication\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eNot applicable.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eCompeting interests\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe authors declare no competing interests\u003c/p\u003e"},{"header":"References","content":"\u003col\u003e\n\u003cli\u003eHidayah, Ramli K. HIPAA-based Analysis on the Awareness Level of Medical Personnel in Indonesia to Secure Electronic Protected Health Information (ePHI). In: 2021 IEEE International Conference on Health, Instrumentation \u0026amp; Measurement, and Natural Sciences (InHeNce). 2021. p. 1\u0026ndash;6. \u003c/li\u003e\n\u003cli\u003eCybersecurity and cybercrime in Indonesia - statistics \u0026amp; facts | Statista [Internet]. [cited 2024 Jun 12]. Available from: https://www.statista.com/topics/11732/cybersecurity-and-cybercrime-in-indonesia/#topicOverview\u003c/li\u003e\n\u003cli\u003eFauzi MA, Yeng P, Yang B, Rachmayani D. Examining the Link Between Stress Level and Cybersecurity Practices of Hospital Staff in Indonesia. In: Proceedings of the 16th International Conference on Availability, Reliability and Security [Internet]. New York, NY, USA: Association for Computing Machinery; 2021. (ARES \u0026rsquo;21). Available from: https://doi.org/10.1145/3465481.3470094\u003c/li\u003e\n\u003cli\u003eSari PK, Prasetio A, Candiwan, Handayani PW, Hidayanto AN, Syauqina S, et al. Information security cultural differences among health care facilities in Indonesia. Heliyon. 2021 Jun 1;7(6):e07248. \u003c/li\u003e\n\u003cli\u003eAlhuwail D, Al-Jafar E, Abdulsalam Y, AlDuaij S. Information Security Awareness and Behaviors of Health Care Professionals at Public Health Care Facilities. Appl Clin Inform. 2021 Aug;12(4):924\u0026ndash;32. \u003c/li\u003e\n\u003cli\u003eBranley-Bell D, Coventry L, Dixon M, Joinson A, Briggs P. Exploring Age and Gender Differences in ICT Cybersecurity Behaviour. Hum Behav Emerg Technol [Internet]. 2022 Jan 1 [cited 2024 Oct 28];2022(1):2693080. Available from: https://onlinelibrary.wiley.com/doi/full/10.1155/2022/2693080\u003c/li\u003e\n\u003cli\u003eFoth M, Schusterschitz C, Flatscher‐Th\u0026ouml;ni M. Technology acceptance as an influencing factor of hospital employees\u0026rsquo; compliance with data-protection standards in Germany. J Public Heal [Internet]. 2012 Oct 27 [cited 2024 Oct 28];20(3):253\u0026ndash;68. Available from: https://link.springer.com/article/10.1007/s10389-011-0456-9\u003c/li\u003e\n\u003cli\u003eSabet C, Lin JC, Zhong A, Nguyen D. Cybersecurity in the age of digital pandemics: protecting patient data in low-income and middle-income countries. Lancet Glob Heal [Internet]. 2024 Jun 1 [cited 2024 Oct 28];12(6):e911\u0026ndash;2. Available from: http://www.thelancet.com/article/S2214109X24001244/fulltext\u003c/li\u003e\n\u003cli\u003eKaberuka J, Johnson C. Adapting STPA-sec for Socio-technical Cyber Security Challenges in Emerging Nations: A Case Study in Risk Management for Rwandan Health Care. Int Conf Cyber Secur Prot Digit Serv Cyber Secur 2020. 2020 Jun 1; \u003c/li\u003e\n\u003cli\u003eGeorgiadou A, Mouzakitis S, Bounas K, Askounis D. A Cyber-Security Culture Framework for Assessing Organization Readiness. J Comput Inf Syst [Internet]. 2022 May 4;62(3):452\u0026ndash;62. Available from: https://doi.org/10.1080/08874417.2020.1845583\u003c/li\u003e\n\u003cli\u003eGioulekas F, Stamatiadis E, Tzikas A, Gounaris K, Georgiadou A, Michalitsi-Psarrou A, et al. A Cybersecurity Culture Survey Targeting Healthcare Critical Infrastructures. Healthc (Basel, Switzerland). 2022 Feb;10(2). \u003c/li\u003e\n\u003cli\u003eSari PK. Model Perilaku Keamanan Sistem Informasi Kesehatan dan Implikasinya dalam Pengembangan Roadmap Manajemen Keamanan Informasi pada Fasilitas Pelayanan Kesehatan di Indonesia. Universitas Indonesia; 2023. \u003c/li\u003e\n\u003cli\u003eParsons K, Calic D, Pattinson M, Butavicius M, McCormac A, Zwaans T. The Human Aspects of Information Security Questionnaire (HAIS-Q): Two further validation studies. Comput Secur. 2017 May 1;66:40\u0026ndash;51. \u003c/li\u003e\n\u003cli\u003eEgelman S, Peer E. Scaling the security wall : Developing a security behavior intentions scale (SeBIS). Conf Hum Factors Comput Syst - Proc [Internet]. 2015 Apr 18 [cited 2024 Oct 28];2015-April:2873\u0026ndash;82. Available from: https://dl.acm.org/doi/10.1145/2702123.2702249\u003c/li\u003e\n\u003cli\u003eHadlington L. Human factors in cybersecurity; examining the link between Internet addiction, impulsivity, attitudes towards cybersecurity, and risky cybersecurity behaviours. Heliyon. 2017 Jul 1;3(7):e00346. \u003c/li\u003e\n\u003cli\u003eIfinedo P, Akinnuwesi BA. Employees\u0026rsquo; non-malicious, counterproductive computer security behaviors (CCSB) in Nigeria and Canada: An empirical and comparative analysis. IEEE Int Conf Adapt Sci Technol ICAST. 2015 Mar 25;2015-January. \u003c/li\u003e\n\u003cli\u003eHore K, Hoi Tan M, Kehoe A, Beegan A, Mason S, Al Mane N, et al. Cybersecurity and critical care staff: A mixed methods study. Int J Med Inform. 2024 May;185:105412. \u003c/li\u003e\n\u003cli\u003eNifakos S, Chandramouli K, Nikolaou CK, Papachristou P, Koch S, Panaousis E, et al. Influence of Human Factors on Cyber Security within Healthcare Organisations: A Systematic Review. Sensors (Basel). 2021 Jul;21(15). \u003c/li\u003e\n\u003cli\u003eAhouanmenou S, Van Looy A, Poels G. Information security and privacy in hospitals: a literature mapping and review of research gaps. Inform Health Soc Care. 2023 Jan;48(1):30\u0026ndash;46. \u003c/li\u003e\n\u003cli\u003eJalali MS, Bruckes M, Westmattelmann D, Schewe G. Why Employees (Still) Click on Phishing Links: Investigation in Hospitals. J Med Internet Res. 2020 Jan;22(1):e16775. \u003c/li\u003e\n\u003cli\u003eHull M, Zhang-Kennedy L, Baig K, Chiasson S. Understanding individual differences: factors affecting secure computer behaviour. Behav Inf Technol [Internet]. 2022 Nov 18;41(15):3237\u0026ndash;63. Available from: https://doi.org/10.1080/0144929X.2021.1977849\u003c/li\u003e\n\u003cli\u003eFreed D, Bazarova NN, Consolvo S, Han EJ, Kelley PG, Thomas K, et al. Understanding Digital-Safety Experiences of Youth in the U.S. In: Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems [Internet]. New York, NY, USA: Association for Computing Machinery; 2023. (CHI \u0026rsquo;23). Available from: https://doi.org/10.1145/3544548.3581128\u003c/li\u003e\n\u003cli\u003eNasrabadi AN, Norouzkhani N, Manookian A, Cheraghi MA, Mohammadi M, Izadidastenaei Z, et al. Safeguarding Patient Information as an Issue Faced by Nurses: A policy brief. Asia Pacific J Heal Manag [Internet]. 2024 Oct 20 [cited 2024 Nov 5];19(2). Available from: https://journal.achsm.org.au/index.php/achsm/article/view/3013\u003c/li\u003e\n\u003cli\u003eArgyridou E, Nifakos S, Laoudias C, Panda S, Panaousis E, Chandramouli K, et al. Cyber Hygiene Methodology for Raising Cybersecurity and Data Privacy Awareness in Health Care Organizations: Concept Study. J Med Internet Res. 2023 Jul;25:e41294. \u003c/li\u003e\n\u003cli\u003eLuidold C, Jungbauer C. Cybersecurity policy framework requirements for the establishment of highly interoperable and interconnected health data spaces. Front Med. 2024;11:1379852. \u003c/li\u003e\n\u003c/ol\u003e"}],"fulltextSource":"","fullText":"","funders":[],"hasAdminPriorityOnWorkflow":false,"hasManuscriptDocX":true,"hasOptedInToPreprint":true,"hasPassedJournalQc":"","hasAnyPriority":false,"hideJournal":true,"highlight":"","institution":"","isAcceptedByJournal":false,"isAuthorSuppliedPdf":false,"isDeskRejected":"","isHiddenFromSearch":false,"isInQc":false,"isInWorkflow":false,"isPdf":false,"isPdfUpToDate":true,"isWithdrawnOrRetracted":false,"journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true},"keywords":"Cybersecurity culture, Healthcare professionals, Data protection, Digital security, Indonesia","lastPublishedDoi":"10.21203/rs.3.rs-5421169/v1","lastPublishedDoiUrl":"https://doi.org/10.21203/rs.3.rs-5421169/v1","license":{"name":"CC BY 4.0","url":"https://creativecommons.org/licenses/by/4.0/"},"manuscriptAbstract":"\u003cp\u003e\u003cstrong\u003eIntroduction:\u003c/strong\u003e Digitalization in healthcare has increased cybersecurity risks, especially in regions with limited protective measures. In Indonesia, the cybersecurity culture among healthcare professionals remains underdeveloped, posing potential threats to patient data security.\u003c/p\u003e\n\u003cp\u003eObjectives: This study assessed cybersecurity culture among healthcare workers in Makassar, Indonesia, focusing on their knowledge, attitudes, and practices, and examined the influence of demographics on these factors.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eMethods:\u003c/strong\u003e A cross-sectional survey was conducted with 574 healthcare workers from three hospitals in Makassar. The survey measured cybersecurity knowledge, attitudes, and practices, and analyzed demographic influences such as age, gender, and profession.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eResults:\u003c/strong\u003e Findings revealed substantial knowledge gaps, with 61.7% of respondents unaware of cybersecurity policies, and 65.5% unable to recognize email fraud. Although attitudes toward security were generally positive, risky behaviors—such as using personal devices for sensitive data (72.1%) and installing unauthorized software (70.2%)—persisted. Younger healthcare workers and nurses exhibited stronger cybersecurity practices, while older staff and physicians had lower compliance.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eConclusion:\u003c/strong\u003e This study underscores an urgent need for comprehensive cybersecurity training, policy clarity, and leadership support in Indonesian healthcare. Targeted interventions based on demographic factors could enhance adherence to cybersecurity practices, bolstering patient data protection and healthcare system resilience.\u003c/p\u003e","manuscriptTitle":"Cybersecurity Culture Among Healthcare Workers in Indonesia: Knowledge Gaps, Demographic Influences, and Strategic Policy Solutions","msid":"","msnumber":"","nonDraftVersions":[{"code":1,"date":"2024-12-17 09:53:36","doi":"10.21203/rs.3.rs-5421169/v1","editorialEvents":[{"type":"communityComments","content":0}],"status":"published","journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true}}],"origin":"","ownerIdentity":"f67eea6e-00f3-4208-b496-86ded1e7b713","owner":[],"postedDate":"December 17th, 2024","published":true,"recentEditorialEvents":[],"rejectedJournal":[],"revision":"","amendment":"","status":"posted","subjectAreas":[],"tags":[],"updatedAt":"2025-06-24T01:38:38+00:00","versionOfRecord":[],"versionCreatedAt":"2024-12-17 09:53:36","video":"","vorDoi":"","vorDoiUrl":"","workflowStages":[]},"version":"v1","identity":"rs-5421169","journalConfig":"researchsquare"},"__N_SSP":true},"page":"/article/[identity]/[[...version]]","query":{"redirect":"/article/rs-5421169","identity":"rs-5421169","version":["v1"]},"buildId":"qtupq5eGEP_6zYnWcrvyt","isFallback":false,"isExperimentalCompile":false,"dynamicIds":[84888],"gssp":true,"scriptLoader":[]}

Text is read by the "Ask this paper" AI Q&A widget below. Extraction quality varies by source — PMC NXML preserves structure cleanly, OA-HTML may include some navigation residue, and OA-PDF can have broken hyphenation. The publisher copy (via DOI) is the canonical version.

My notes (saved in your browser only)

Ask this paper AI returns verbatim quotes from the full text · source: preprint-html

Answers must be backed by verbatim quotes from this paper's full text. Hallucinated quotes are dropped automatically; if no verbatim passage answers the question, we say so. How this works

Citation neighborhood (no data yet)

We don't have any in-corpus citations linked to this paper yet. This is a recent paper (2024) — citers typically take a year or two to land, and the OpenAlex reference graph may still be filling in.

Source provenance

europepmc
last seen: 2026-05-20T01:45:00.602351+00:00