Measuring The Knowledge Level of Healthcare Personnel on Information Security

Authors

DOI:

https://doi.org/10.63556/tisej.2026.1617

Keywords:

Information Security, Hospital Information Management System, Healthcare Personnel

Abstract

Information security has become a global priority and an increasingly comprehensive field of concern. Despite its critical importance for patient safety, it is not accorded sufficient attention in practice. Although significant progress has been made in establishing legal and regulatory frameworks to ensure information security, the development of an effective and holistic security ecosystem necessitates multidimensional structural transformations encompassing human factors, technological systems, and organizational processes. Healthcare institutions constitute attractive targets for cybercrime due to the richness and value of the data they generate and store. Cybersecurity breaches in the healthcare sector include unauthorized access to patient information and ransomware attacks targeting healthcare organizations, thereby threatening both data confidentiality and service continuity. Such breaches may undermine patient trust, disrupt the functioning of healthcare systems, and ultimately pose risks to human life. The primary aim of this study is to identify structural and practice-based deficiencies in the use of information management systems based on healthcare personnel’s perceptions and evaluations regarding information security. A convenience sampling method was employed, and data were collected through a questionnaire. Healthcare personnel were categorized into administrative and clinical units according to their departments, and differences in perceptions between these groups were examined. The findings indicate that 25% of participants do not demonstrate an adequate level of awareness and diligence regarding information security. Furthermore, training programs related to information management systems were found to be insufficient in terms of both duration and content. 
Ensuring the security of data generated and stored within healthcare institutions, and preventing potential data loss, requires that personnel, clinical staff in particular, undergo structured training programs of adequate duration and scope.

Published

20.03.2026

How to Cite

EKİYOR, A., & BAŞ, F. (2026). Measuring The Knowledge Level of Healthcare Personnel on Information Security. Third Sector Social Economic Review, 61(1), 735–747. https://doi.org/10.63556/tisej.2026.1617

Issue

Section

Research Article
