CYBER RISKS IN JORDANIAN PRIVATE HOSPITALS: A QUALITATIVE STUDY OF SOCIOTECHNICAL AND BEHAVIORAL BARRIERS TO STAFF SECURE PRACTICES
DOI:
https://doi.org/10.70917/ijcisim-2026-2469Keywords:
cyber risk, healthcare, sociotechnical barriers, resilience, Jordan, staff behavior, qualitative studyAbstract
Background: Cyber risk threats to healthcare are escalating, with human behavior identified as a critical vulnerability. In Jordanian private hospitals, staff often bypass security protocols, yet no empirical study has systematically explored the sociotechnical and behavioral barriers in this resourceconstrained, culturally specific context.
Objective: To explore cyber risk challenges in Jordanian private hospitals, focusing on sociotechnical and behavioral barriers that impede staff engagement with secure practices.
Methods: Adopting an interpretivist paradigm, semistructured interviews were conducted with 18 IT professionals across five private hospitals in Jordan. Data were analyzed using thematic analysis following Graneheim and Lundman’s framework. Trustworthiness was ensured through member checking, peer debriefing, audit trails, and reflexive journaling.
Results: Three overarching themes emerged: (1) technological infrastructure vulnerabilities (legacy systems, untested backups, password sharing), (2) operational risks (system downtime, diagnostic disruption, surgical cancellations, emergency diversion), and (3) systemic challenges (clinicalsecurity paradox, cascading failure chains, dual role of patient trust). Insecure behaviors were confirmed as instrumental adaptations to productivity pressure and fatigue, not careless errors.
Conclusion: Cyber risk vulnerabilities in Jordanian private hospitals are fundamentally systemic. Interventions must address technology, human behavior, organizational culture, and resource constraints simultaneously, shifting from preventioncentric to resiliencebased approaches.