Abstract
Background: High quality healthcare services can be achieved only by utilizing information technology. Information security is an ongoing challenge and security breaches emerging from user misbehavior are considered to be a devastating latent source of threats to patient data. This study evaluated information security practices of nurses at the King Saudi University Hospitals in Saudi Arabia.
Method: A random sample of nurses (n=352; 328 females and 24 males; age 40 +/- 0.6 yr (mean +/- SE)) was interviewed.
Results: The results show that while 92% of nurses agree that the principle of password authentication is important, their behavior in practice is completely inconsistent with this principle. This is clearly indicated by the fact that 81% of the interviewed nurses have never changed their system generated passwords, 54% do not change their passwords after these have been released to unauthorized persons, 33% share and communicate passwords with colleagues, 32% allow others to use their account credentials, and 16% do not log off applications after work sessions.
Conclusion: The current study has demonstrated that the information security practices of nurses may represent a potential threat to the information security and privacy of patients. The study calls for raising the level of security awareness among nurses to reduce the security threats posed by user misbehavior.