The role of cybersecurity in hospital procurement processes

Abstract

Cybersecurity is important to hospitals and patients alike and is becoming more important as healthcare is experiencing more cybercrime over time. It is the result of complex interactions between actors and their environment during procurement, but research has not yet studied the combination of cybersecurity, healthcare and procurement together. The main research question is: What is the role of cybersecurity in hospital procurement processes and how can that role be analysed across the sector? Nine semi-structured interviews were conducted with hospital cybersecurity experts. Using a combination of a purchase process model and complex decision-making framework and using semi-grounded theory techniques for analysis, five key factors and their interrelations were identified: supplier-hospital relationship, knowledge exchange and retention, alternative purchase processes, cloud transition and conflicting priorities. These factors influence the decision power of hospitals and their internal departments before and after signing off on a purchase. Based on the results, a complementary survey was developed to scale this research across Dutch hospitals. This survey serves as a stepping stonet for future research efforts.