Unravelling the Ubiquitous Information Security Compliance Conundrum Among Practitioners In Private Healthcare Organisations Within Malaysia

Healthcare organisations worldwide are continuing to experience numerous information security incidents and breaches despite measures taken to safeguard themselves from such threats and attacks and this study investigates similar issues associated with the private healthcare organisations in Malaysia. A preliminary investigation was conducted from both healthcare and information security respondents through semi-structured interviews and the content analysis technique was used to derive common patterns found in them. The findings from the interviews show that often, the fault lies within the human aspect, i.e. the management and employees of the organisation itself. Some of the factors that have led to information security being compromised are the dearth of commitment from the management, having non-stringent security policies, behavioural issues, lack of security awareness and etc. The exposure from these risks will inevitably jeopardise the organisation’s healthcare informational assets. Thus, to ensure the enforcement of information security policies and to mitigate the threats, proper compliance measures must be established throughout the healthcare organisation. The emerging recurring themes that were identified through the preliminary investigation will be used to guide and structure the mixed methods study in the next phase of the research