Examining the Link Between Stress Level and Cybersecurity Practices of Hospital Staff in Indonesia

Abstract

Since healthcare information systems have many important data that can attract many adversaries, it is important to take the right steps to prevent data breaches. Recent studies suggested that 85% of breaches involved a human element and the frequent patterns used are social engineerings. Therefore, many studies focus on making a better understanding of human behavior in cybersecurity and the factors that affect cybersecurity practices. However, there are only a few peer-reviewed studies that focus on the link between stress level and cybersecurity practices. In this study, we examined the link between stress level and cybersecurity practices among hospital employees in Indonesia by surveying 99 hospital workers. Perceived Stress Scale (PSS) was used to measure the employees’ stress level and a new scale to measure hospital staff’s risky cybersecurity practices was proposed. This study showed that both PSS and proposed cybersecurity practices scales are reliable with Cronbach’s α value of more than 0.7. The survey results also revealed that hospital worker’s higher stress levels correlate significantly with riskier cybersecurity practices (rs = 0.305, p < 0.01). Besides, a higher stress level is also significantly linked to certain cybersecurity practices, such as clicking on a link in an email from an unknown sender, not preventing colleagues from viewing patients’ information for a non-therapeutic purpose, posting patient information on social media, ignoring colleagues who engage in negative information security practices, and failing to create strong passwords.