The COVID-19 pandemic impact on Information Security Policy compliance in regional healthcare. : An empirical study

Abstract: Information Security (InfoSec) is a broad term used to describe the study of how to protect sensitive data from unauthorized access, modification, or deletion. InfoSec is commonly used within companies and organisations to facilitate the secure use of digital systems, taking its shape in the form of technical solutions as well as rules and guidelines defined in a so-called Information Security Policy (ISP). Subsequently, ISPs, which aim to mitigate the risks posed by the generally agreed upon weakest link, the human factor, is considered a crucial asset to maintaining security. The outbreak of the COVID-19 pandemic further solidifying its worth as an increase in attacks targeting humans, especially within the healthcare sector, can be seen. Research directed at ISPs is a much debated area which scientists from many different fields of study continuously lend their efforts. However, to the best of the authors' knowledge no recent studies can been seen that examines ISP Compliance (ISPC), with a focus on InfoSec awareness, from a Swedish regional healthcare employees’ perspective. Hence, this study seeks to provide an insight into this area, with the outbreak of the COVID-19 pandemic in mind. The research is based on a web-questionnaire survey created using information gained throughout several interviews with people working in the field of InfoSec. It seeks to examine healthcare employees' InfoSec awareness following the COVID-19 pandemic outbreak with regard  teleworking. It can be seen from the results that healthcare sector employees' were well aware of the InfoSec risks related to the changing work conditions following the outbreak of the COVID-19 pandemic.