Information technology has become an integral part of healthcare within the United Kingdom’s National Health Service (NHS). All healthcare professionals are required to possess a certain level of computer knowledge and adhere to cyber ethics standards, which are maintained through regular mandatory training. The UK government has laid out a plan to enhance cybersecurity and prevent crises akin to WannaCry. Even seemingly minor lapses, such as leaving a computer unlocked, can pose significant cybersecurity threats to the entire NHS. These issues cannot be resolved through financial means alone, as they involve intricate human factors.
Non-compliance with cybersecurity policies can often lead to patient harm or breaches of confidentiality. To address this, we conducted an investigation into compliance among junior doctors with the Trust Information Technology (IT) Safe Usage Policy. We implemented interventions and conducted interviews with junior doctors to uncover the reasons behind non-compliance. Subsequently, we re-audited to assess the impact of our interventions. Additionally, we independently audited compliance in another Trust, revealing that this issue is not unique to a particular organization. In this context, we propose changes that all Trusts can implement and suggest following our model for auditing compliance.