2026-04-18T03:33:29Zhttps://uvadoc.uva.es/oai/request

oai:uvadoc.uva.es:10324/795072025-11-10T20:01:12Zcom_10324_1191com_10324_931com_10324_894col_10324_1379

00925njm 22002777a 4500 dc Herrera Montano, Isabel author Góngora Alonso, Susel author Sañudo García, Soledad author García Aranda, José Javier author Rodrígues, Joel J.P.C. author Torre Díez, Isabel de la author 2026 Introduction: Insider threats pose a critical risk in healthcare environments, where Hospital Information Systems (HIS) manage sensitive patients data. Authorized users may intentionally or accidentally compromise data confidentiality, integrity, and availability. This study assessed information security practices from the perspec- tive of healthcare professionals in Spanish medical centers. Methods: A descriptive, analytical, cross-sectional study was conducted using a survey administered to 41 healthcare professionals with access to confidential data. The survey covered access control, encryption at rest and in transit, communication channels, and data usage control. Descriptive statistics, Chi-square tests, and Cram´er’s V were applied to identify significant associations. K-means clustering and Silhouette coefficient were used to define user profiles. Principal Component Analysis (PCA) was used to visualize behavior patterns. A Random Forest model identified the most relevant predictive variables. Results: Critical security gaps were detected, 31.7 % reported no control over data usage. Only 29.3 % encrypted data at rest and 36.6 % during transmission. Over 40 % used personal email or messaging apps to share sensitive data, and 97.6 % relied solely on passwords for authentication. These practices are inadequate to mitigate insider threats. Conclusion: There is an urgent need to strengthen insider data protection. Security strategies should be tailored to user risk profiles. Measures must include strong authentication, full encryption, and stricter control of data transmission to reduce exposure to insider threats (intentionally or unintentionally) in healthcare settings. Additionally, there is a need to promote continuous cybersecurity training. International Journal of Medical Informatics, 2025, vol. 205, p. 106107 1386-5056 https://uvadoc.uva.es/handle/10324/79507 10.1016/j.ijmedinf.2025.106107 106107 International Journal of Medical Informatics 205 Security practices and insider threats in Spanish healthcare centers: a survey-based risk assessment