Cybersecurity and critical care staff: A mixed methods study

Kevin Hore, Mong Hoi Tan, Anne Kehoe, Aidan Beegan, Sabina Mason, Nader Al Mane, Deirdre Hughes, Caroline Kelly, John Wells, Claire Magner

Research output: Contribution to journalArticlepeer-review


Introduction: Cyberattacks on healthcare organisations are becoming increasingly common and represent a growing threat to patient safety. The majority of breaches in cybersecurity have been attributed to human error. Intensive care departments are particularly vulnerable to cyberattacks. The aim of this study was to investigate cybersecurity awareness, knowledge and behaviours among critical care staff. Methods: This was a multi-site cross-sectional survey study administered to critical care staff. Cybersecurity awareness was evaluated using the validated HAIS-Q instrument. Knowledge and behaviours were evaluated by direct questioning and scenario-based multiple-choice questions. Free text options were also offered to respondents. Thematic analysis was performed on free text sections. Results: Median scores of 12–15 in each of the HAIS-Q focus areas were achieved, indicating high levels of cybersecurity awareness among critical care staff. However, self-reported confidence in cybersecurity practices, especially identifying signs of cybersecurity breaches and reporting cybersecurity incidents, were relatively low. Participants responses to the scenarios demonstrated a lack of knowledge and awareness of some of the mechanisms of cyberattacks. Barriers to safe cybersecurity practices among staff that emerged from the qualitative analysis included: a lack of training and education; heavy workloads and staff fatigue; perceived lack of IT support and poor IT infrastructure. Conclusion: Critical care staff appear to have a high-level cybersecurity awareness. However, in practice safe cybersecurity practices are not always followed. ICU departments and hospitals must invest in the human aspect of cybersecurity to strength their cyber-defences and to protect patients.

Original languageEnglish
Article number105412
Pages (from-to)105412
JournalInternational Journal of Medical Informatics
Publication statusPublished - 01 May 2024


  • Humans
  • Cross-Sectional Studies
  • Delivery of Health Care
  • Hospitals
  • Computer Security
  • Critical Care


Dive into the research topics of 'Cybersecurity and critical care staff: A mixed methods study'. Together they form a unique fingerprint.

Cite this