HOW INFORMATION SECURITY MANAGEMENT SYSTEMS INFLUENCE THE HEALTHCARE PROFESSIONALS' SECURITY BEHAVIOR IN A PUBLIC HOSPITAL IN INDONESIA

Cited by: 1
Authors
Sari P.K. [1, 2]
Handayani P.W. [1 ]
Hidayanto A.N. [1 ]
Busro P.W. [3 ]
Affiliations
[1] University of Indonesia, Depok
[2] Telkom University, Bandung
[3] National Cardiovascular Center Harapan Kita, Jakarta
Keywords
deterrence; health information system; hospital; information security behavior; protection motivation
DOI
10.28945/5185
Abstract
Aim/Purpose: This study analyzes health professionals' information security behavior (ISB) as health information system (HIS) users concerning associated information security controls and risks established in a public hospital. This work measures ISB using a complete measuring scale and explains the relevant influential factors from the perspectives of Protection Motivation Theory (PMT) and General Deterrence Theory (GDT).

Background: Internal users are the primary source of security concerns in hospitals, with malware and social engineering becoming common attack vectors in the health industry. This study focuses on HIS user behavior in developing countries with limited information security policies and resources.

Methodology: The research was carried out in three stages. First, a semi-structured interview was conducted with three hospital administrators in charge of HIS implementation to investigate information security controls and threats. Second, a survey of 144 HIS users was conducted to determine ISB based on hospital security risk. Third, a semi-structured interview was conducted with 11 HIS users to discuss the elements influencing behavior and current information security implementation.

Contribution: This study contributes to ISB practices in hospitals. It discusses how HIS managers could build information security programs to enhance health professionals' behavior by considering PMT and GDT elements.

Findings: According to the findings of this study, the hospital has implemented particular information security management system (ISMS) controls based on international standards, but there is still room for improvement. Insiders are the most prevalent information security dangers discovered, with certain working practices requiring HIS users to disclose passwords to others. The top three most common ISBs HIS users practice include appropriately disposing of printouts, validating link sources, and using a password to unlock the device. Meanwhile, the top three least commonly seen ISBs include transferring sensitive information online, leaving a password in an unsupervised area, and revealing sensitive information via social media.

Recommendations for Practitioners: Hospital managers should create work practices that align with information security requirements. HIS managers should provide incentives to improve workers' perceptions of the benefit of robust information security measures.

Recommendations for Researchers: This study suggests more research into the components that influence ISB utilizing diverse theoretical foundations such as Regulatory Focus Theory to compare preventive and promotion motivation to enhance ISB.

Impact on Society: This study can potentially improve information security in the healthcare industry, which has substantial risks to human life but still lags behind other vital sector implementations.

Future Research: Future research could look into the best content and format for an information security education and training program to promote the behaviors of healthcare professionals that need to be improved based on this ISB measurement and other influential factors.

© 2023 Informing Science Institute. All rights reserved.
Pages: 583-607
Page count: 24