Cyber-attack avoidance behaviour in District Health Information System (DHIS) : a case of Tshwane district healthcare centres

Abstract

Implementing effective cyber-security controls in e-health systems in South Africa, especially those used in hospitals, will help prevent cyber-attacks and protect sensitive data. This study aimed to determine the effective ways of encouraging compliance with the District Health Information System (DHIS) cyber-security controls. In order to accomplish this aim, the researcher investigated how healthcare support staff from the Tshwane District Healthcare Centres who interact directly with the DHIS perceive cyber-attack threats. The Technology Acceptance Model, Technology, Organisation, Environment framework, and Technology Threat Avoidance Theory were used to develop the conceptual framework for this study. A web-based survey was sent to 126 participants who all interacted directly with the DHIS in the Tshwane District Healthcare Centres. Structural relationships between factors were investigated using correlation and multiple regressions. Of the eight hypotheses, three were found to be significant. Training, top management support, and the perceived ease of use of the DHIS software were found by the multiple regression analysis to relate to cyber-attack avoidance motivation. However, the multiple regression analysis rejected hypotheses with TTAT factors and perceived usefulness of the DHIS software. This was even though the descriptive statistics showed that participants overwhelmingly agreed the severity of cyber-attacks, the system's vulnerability to such attacks, the effectiveness of the prescribed policies and controls, and the usefulness of the District Health Information System were important. The findings of the study also showed that health data was at high risk from ransomware attacks, phishing, and denial-of-service. Based on these findings, the threat of cyber-attacks results from the healthcare institutions’ lack of suitable training, including for cyber-security personnel, and financial and other support from the organisation. The need to protect valuable data from hackers is crucial. Therefore, this research is essential for healthcare professionals, academics and researchers. Hence it is also valuable to the healthcare institutions in Tshwane District Healthcare Centres. This effectiveness will only be achieved if there is appropriate behavioural change on the part of those who can protect the system. The outcome of this study may be used as a recommendation on how to motivate users of the DHIS to implement and adhere to cyber-security controls.