1 Department of Information Systems, Baylor University, Texas, USA.
2 Department of Statistics and Data Science, University of Kentucky, Kentucky, USA.
3 Department of Legal Services, Royal Marsden NHS Foundation Trust, London, UK.
4 Department of Public and Community Health, Liberty University, Virginia, USA.
5 Department of Occupational Health and Safety Management, Loughborough University, Loughborough, UK.
6 Department of Computing, East Tennessee State University, Tennessee, USA.
International Journal of Science and Research Archive, 2025, 17(01), 024-031
Article DOI: 10.30574/ijsra.2025.17.1.2734
Received on 22 August 2025; revised on 28 September 2025; accepted on 01 October 2025
Healthcare organizations are experiencing a swift increase in cyberattacks targeting valuable patient data and essential systems. Healthcare often spends less on cybersecurity infrastructure than other industries, which makes human weaknesses a major risk factor. Staff and insiders are often to blame for major breaches.
Objective: This study seeks to examine the primary human-factor vulnerabilities in healthcare cybersecurity and to suggest strategies for reducing insider threats in medical facilities.
Methods: We executed a systematic literature review of peer-reviewed studies, industry reports, and breach data (2015–2024) in accordance with PRISMA guidelines. Qualitative thematic coding was employed to identify persistent human-risk themes and assess current mitigation frameworks.
The review shows that most healthcare breaches are caused by mistakes made by people or people who work for the company. Some of the most important weaknesses are being open to social engineering (especially phishing) and being careless because of not enough training, being tired, or a bad security culture. Malicious insiders (data theft, sabotage) and compromised credentials (phishing victims) make the risk even higher. Good ways to reduce risk include technological controls (like access management and monitoring), organizational policies (like role-based privileges and zero-trust), and human-centered measures (like regular training and stress management). Our proposed multi-layered framework integrates these methodologies.
Conclusion: This paper provides a thorough understanding of the predominance of human factors in healthcare cyber risk and presents a sociotechnical framework for mitigation. The study enhances practice and policy by integrating behavioral insights with technical controls and policy alignment, such as compliance with HIPAA and GDPR. Subsequent research ought to investigate AI-facilitated insider detection and cross-cultural analyses of cybersecurity within the health sector.
Healthcare cybersecurity; Insider threats; Human factors; Cyber risk management; Medical facilities
Preview Article PDF
Oghenemena Erukayenure, Habeeb Abolaji Bashir, Ademola Adekunbi, Soala Esther Abere, Ovuoderoye Okpan and Abdussobur Adebayo Giwa. Human factor vulnerabilities in healthcare cybersecurity: Mitigating insider threats in medical facilities. International Journal of Science and Research Archive, 2025, 17(01), 024-031. Article DOI: https://doi.org/10.30574/ijsra.2025.17.1.2734.
Copyright © 2025 Author(s) retain the copyright of this article. This article is published under the terms of the Creative Commons Attribution Liscense 4.0
