RT info:eu-repo/semantics/article
T1 Security practices and insider threats in Spanish healthcare centers: a survey-based risk assessment
A1 Herrera Montano, Isabel
A1 Góngora Alonso, Susel
A1 Sañudo García, Soledad
A1 García Aranda, José Javier
A1 Rodrígues, Joel J.P.C.
A1 Torre Díez, Isabel de la
K1 Cybersecurity
K1 Healthcare
K1 Insider threats
K1 Information security
K1 Survey
K1 3304.13 Dispositivos de Transmisión de Datos
AB Introduction: Insider threats pose a critical risk in healthcare environments, where Hospital Information Systems (HIS) manage sensitive patient data. Authorized users may intentionally or accidentally compromise data confidentiality, integrity, and availability. This study assessed information security practices from the perspective of healthcare professionals in Spanish medical centers. Methods: A descriptive, analytical, cross-sectional study was conducted using a survey administered to 41 healthcare professionals with access to confidential data. The survey covered access control, encryption at rest and in transit, communication channels, and data usage control. Descriptive statistics, Chi-square tests, and Cramér's V were applied to identify significant associations. K-means clustering and Silhouette coefficient were used to define user profiles. Principal Component Analysis (PCA) was used to visualize behavior patterns. A Random Forest model identified the most relevant predictive variables. Results: Critical security gaps were detected: 31.7 % reported no control over data usage. Only 29.3 % encrypted data at rest and 36.6 % during transmission. Over 40 % used personal email or messaging apps to share sensitive data, and 97.6 % relied solely on passwords for authentication. These practices are inadequate to mitigate insider threats. Conclusion: There is an urgent need to strengthen insider data protection. Security strategies should be tailored to user risk profiles. Measures must include strong authentication, full encryption, and stricter control of data transmission to reduce exposure to insider threats (intentionally or unintentionally) in healthcare settings. Additionally, there is a need to promote continuous cybersecurity training.
PB Elsevier
SN 1386-5056
YR 2026
FD 2026
LK https://uvadoc.uva.es/handle/10324/79507
UL https://uvadoc.uva.es/handle/10324/79507
LA eng
NO International Journal of Medical Informatics, 2025, vol. 205, p. 106107
NO Producción Científica
DS UVaDOC
RD 01-dic-2025