Systematic Review
Influence of Human Factors on Cyber Security within Healthcare Organisations: A Systematic Review
Sokratis Nifakos 1,*,†, Krishna Chandramouli 2,†, Charoula Konstantina Nikolaou 3, Panagiotis Papachristou 1, Sabine Koch 1, Emmanouil Panaousis 4,† and Stefano Bonacina 1,†
Citation: Nifakos, S.; Chandramouli, K.; Nikolaou, C.K.; Papachristou, P.; Koch, S.; Panaousis, E.; Bonacina, S. Influence of Human Factors on Cyber Security within Healthcare Organisations: A Systematic Review. Sensors 2021, 21, 5119. https://doi.org/10.3390/s21155119
Academic Editors: Alexios Mylonas and Nikolaos Pitropakis
Received: 29 June 2021
Accepted: 16 July 2021
Published: 28 July 2021
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Copyright: © 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
1 Department of Learning, Informatics, Management and Ethics, Karolinska Institutet, 171 77 Solna, Sweden; panagiotis.papachristou@ki.se (P.P.); sabine.koch@ki.se (S.K.); stefano.bonacina@ki.se (S.B.)
2 School of Electronic Engineering and Computer Science, Queen Mary University of London, London E1 4NS, UK; krishna.chandramouli@qmul.ac.uk
3 Natural Resources Institute, University of Greenwich, Kent ME4 4TB, UK; c.k.nikolaou@greenwich.ac.uk
4 School of Computing and Mathematical Sciences, University of Greenwich, London SE10 9LS, UK; e.panaousis@greenwich.ac.uk
* Correspondence: sokratis.nifakos@ki.se; Tel.: +46-73-7121-475
† These authors contributed equally to this work.
Abstract: Background: Cybersecurity is increasingly becoming a prominent concern among healthcare
providers in adopting digital technologies for improving the quality of care delivered to patients.
The recent reports on cyber attacks, such as ransomware and WannaCry, have brought to light the
destructive nature of such attacks upon healthcare. In complement to cyber attacks, which have been
targeted against the vulnerabilities of information technology (IT) infrastructures, a new form of
cyber attack aims to exploit human vulnerabilities; such attacks are categorised as social engineering
attacks. Following an increase in the frequency and ingenuity of attacks launched against hospitals
and clinical environments with the intention of causing service disruption, there is a strong need to
study the level of awareness programmes and training activities offered to the staff by healthcare
organisations. Objective: The objective of this systematic review is to identify commonly encountered
factors that affect the cybersecurity posture of a healthcare organisation, resulting from the ignorance of
cyber threats to healthcare. The systematic review aims to consolidate the current literature
reporting on human behaviour resulting in security gaps that weaken the cyber defence strategy
adopted by healthcare organisations. Additionally, the paper also reviews the organisational risk
assessment methodology implemented and the policies being adopted to strengthen cybersecurity.
Methods: The topic of cybersecurity within healthcare and the clinical environment has attracted
the interest of several researchers, resulting in a broad range of literature. The inclusion criteria
for the articles in the review stem from the scope of the five research questions identified. To this
end, we conducted seven search queries across three repositories, namely (i) PubMed®/MEDLINE;
(ii) Cumulative Index to Nursing and Allied Health Literature (CINAHL); and (iii) Web of Science
(WoS), using keywords related to cybersecurity awareness, training, organisation risk assessment
methodologies, policies and recommendations adopted as countermeasures within healthcare.
These were restricted to around the last 12 years. Results: A total of 70 articles were selected to be
included in the review, which addresses the complexity of cybersecurity measures adopted within
the healthcare and clinical environments. The articles included in the review highlight the evolving
nature of cybersecurity threats stemming from exploiting IT infrastructures to more advanced attacks
launched with the intent of exploiting human vulnerability. A steady increase in the literature
on the threat of phishing attacks evidences the growing threat of social engineering attacks. As a
countermeasure, through the review, we identified articles that provide methodologies resulting
from case studies to promote cybersecurity awareness among stakeholders. The articles included
highlight the need to adopt cyber hygiene practices among healthcare professionals while accessing
social media platforms, which form an ideal test bed for attackers to gain insight into the lives
of healthcare professionals. Additionally, the review also includes articles that present strategies
adopted by healthcare organisations in countering the impact of social engineering attacks. The
evaluation of the cybersecurity risk assessment of an organisation is another key area of study