Warning: This is an author submission that is not peer-reviewed or edited. Preprints - unless they show as "accepted" - should not be relied on to guide clinical practice or health-related behavior and should not be reported in news media as established information.
Original paper ENHANCING CYBERSECURITY AWARENESS IN HEALTHCARE WORKERS: AI-POWERED SURVEY ANALYSIS AND TAILORED TRAINING INTERVENTIONS
ABSTRACT
Background:
Increasing digital transformation in healthcare has amplified cybersecurity vulnerabilities, particularly due to complex hospital information systems and heterogeneous digital engagement among healthcare workers. Despite rising cyberattacks targeting health institutions, the knowledge-behavior gap and the limited institutional preparedness remain major challenges.
Objective:
This study aimed to evaluate cybersecurity awareness, behaviors, incident experiences, and training needs of healthcare workers using an AI-supported analytic framework. By integrating hospital-specific risk parameters, the study further sought to generate personalized educational recommendations.
Methods:
A cross-sectional mixed-methods study was conducted with 500 healthcare workers selected through stratified random sampling. Data were collected using a 63-item, institution-tailored cybersecurity questionnaire developed through expert consultation and pilot testing (Cronbach’s α = .82). Quantitative analysis included descriptive statistics, chi-square tests, correlation analysis, and effect size calculations, while qualitative responses were analyzed thematically. AI-augmented modeling was used to detect risk patterns across clinical departments, shift types, and digital-system usage.
Results:
Although perceived cyber-risk was high (61.2%), only 29.4% considered their institution’s cybersecurity readiness adequate. Optimal password practices were observed in merely 38.4% of participants, while 16.8% never used multi-factor authentication. System-update behavior was notably weak (71.8% irregular updating). A total of 26.8% reported confirmed cyber incidents, and 35.4% were unaware of their institution’s breach history. Despite these vulnerabilities, training receptivity was high (74.4%). Cybersecurity knowledge correlated negatively with age (r = -0.402, p < .001) and varied by profession, with IT staff demonstrating the highest awareness. Knowledge significantly predicted safer behaviors (χ²(3)=127.54, p<.001), although a clear knowledge-behavior discrepancy persisted.
Conclusions:
Healthcare workers exhibit high threat awareness but insufficient protective practices, coupled with notable institutional gaps in training and breach communication. Findings highlight the urgent need for multi-layered interventions integrating individual skill-building, organizational policy reinforcement, technological safeguards, and continuous cybersecurity education. AI-driven, personalized training models may help close the knowledge-behavior gap and strengthen cybersecurity resilience within healthcare systems.
Citation
Request queued. Please wait while the file is being generated. It may take some time.
Copyright
© The authors. All rights reserved. This is a privileged document currently under peer-review/community review (or an accepted/rejected manuscript). Authors have provided JMIR Publications with an exclusive license to publish this preprint on it's website for review and ahead-of-print citation purposes only. While the final peer-reviewed paper may be licensed under a cc-by license on publication, at this stage authors and publisher expressively prohibit redistribution of this draft paper other than for review purposes.