1. Introduction
1.1. Background
The healthcare sector is the backbone of the health of a nation’s citizens. Rapid digital change has occurred in healthcare sectors worldwide, leading to better patient care and more efficient operations. However, this change has come with significant cyber threats. Problems such as data breaches, phishing, and ransomware can compromise important patient information, interrupt vital services, and cause substantial financial losses [1]. Several studies have emphasised that modern IT infrastructures, especially in healthcare, are increasingly vulnerable due to expanding digital integration and IoT technologies [2,3].
A recent study in Saudi Arabia highlighted how phishing attacks exploit human behaviours and underlined the necessity of cybersecurity awareness to mitigate such threats [4].
Various factors make it difficult to implement and maintain sufficient cybersecurity measures to protect information technology infrastructure and confidential data in Saudi Arabian institutions. Institutions need to be aware of evolving cyber threats and invest in cybersecurity to preserve their assets and reputations [5].
Several studies conducted after the 2016 launch of Vision 2030 contend that Saudi Arabia’s healthcare industry continues to encounter tremendous obstacles in meeting the needs of an ever-increasing population. According to this research, a better healthcare system is anticipated to lengthen life expectancy, which means accommodating an ageing population. This heavily strains the current system, necessitating a substantial pool of qualified healthcare workers. Vision 2030, Saudi Arabia’s new strategic plan, offers a public healthcare model and several opportunities for the health sector to adjust its strategic priorities and future direction in response to this situation. Politicians should consider and address the issue of the healthcare industry’s undertrained workers by facilitating the creation of human resource development (HRD) programmes that can adequately train and educate a large pool of future healthcare workers [6].
According to the 2024 IBM Cost of a Data Breach Report, the healthcare sector experiences the highest costs of data breaches among all industries [7]. Furthermore, Kaspersky reported that it blocked over 893 million phishing attempts worldwide in 2024, marking a 26% rise compared to 2023 [8,9]. In the first half of 2024, nearly 9.7 million compromised user account records were found on the dark web, particularly from Egypt, Saudi Arabia, and the UAE, with many involving healthcare or government institutions [10]. In 2024, SOCRadar reported that about 1.8 million email-password credentials from high-traffic Saudi domains were exposed through stealer logs on the dark web [11].
The concerning exposure levels indicate a larger trend in the cyber landscape of the Kingdom. A report from 2024 revealed that 67% of Saudi Chief Information Security Officers (CISOs) feel at risk of a significant cyberattack. This highlights the increasing anxiety over evolving threats, even as their confidence in defensive measures continues to grow [12].
Despite increased national investment and awareness, significant gaps persist, particularly in understanding how internal communication practices influence cybersecurity resilience in healthcare environments. This study aims to address the gap by examining how healthcare professionals in Saudi hospitals perceive, respond to, and manage phishing threats, particularly through their daily email communication practices. The research uses a qualitative exploratory design to uncover real-world vulnerabilities and decision-making patterns.
1.2. Types of Threats
In the Middle East and Africa (MEA) region, cybercriminals are targeting Saudi Arabia in their quest for novel and inventive ways to launch cyberattacks, as shown in IBM Security’s annual X-Force Threat Intelligence Index [13,14]. Messaging applications, social media platforms, artificial intelligence platforms, and cryptocurrency exchanges are the most common means of scamming customers. Scammers now have additional opportunities to take advantage of the growing use of products with built-in GPT conversation functionality. According to Kaspersky specialists, there has been an uptick in attacks propagated via chat systems. Kaspersky Solutions detected a remarkable 22% rise in such threats compared to the previous year, blocking 62,127 attempts to reroute via phishing and scam links on Telegram. Of these 344 attacks, 266 were spam, 17 were malicious URLs, and 59 were threats from malware, according to KSA’s COVID-19 report [15].
According to a report by Kaspersky, there have been millions of cyberattacks in Saudi Arabia. Real-life situations and conditions often serve as the basis for phishing emails, such as the claim of a shipment delay. In addition to spear phishing, an alternative type of phishing known as bank phishing has recently emerged; this type of phishing targets consumers of financial institutions and aims to deceive them by providing incentives and large sums of money [16].
Emerging phishing campaigns are increasingly targeting employees in critical sectors, such as healthcare. These attacks use more sophisticated social engineering techniques that exploit urgency, authority, and terminology specific to the healthcare field.
Because these tailored attacks can bypass traditional email filters, human awareness and behaviour become the last line of defence [17]. Additionally, the rise of generative AI tools has enabled attackers to create more convincing phishing messages, heightening the risk of successful breaches in sectors with limited cybersecurity maturity, such as healthcare.
This situation calls for a shift from purely technical solutions to integrated strategies that combine employee training, policy development, and institutional reform.
1.3. Human Error
Human error causes over 95 per cent of security breaches. Data breaches in healthcare are critical due to the sensitivity of patient information and the potential negative impact on care delivery. Healthcare organisations must prioritise cybersecurity to safeguard patient privacy, safety, and treatment delivery in the face of increasing cyberattacks and data breaches [18]. According to a poll, malicious attacks caused 59% of data breaches in the Kingdom of Saudi Arabia (KSA) and the UAE, system faults caused 24%, and human errors caused 17%. In the United Arab Emirates and KSA, data breaches caused by malicious attacks were the most common and expensive types, with the average total cost per data breach amounting to USD 6.86 million [19]. “Arab News” data reveals that despite KSA being a remote work powerhouse at the time, 73% of staff did not obtain cybersecurity-related instructions [16].
The human element, specifically workers, is a key obstacle to cybersecurity in the digital workplace. Companies worldwide have identified cybersecurity concerns among workers in the digital workplace as a critical problem. A survey conducted by Dell Technologies revealed that 72 per cent of workers are willing to divulge sensitive information for a small payment. Data sharing security is of no importance to 64 per cent of workers. This lack of knowledge could be a significant roadblock in the workplace [20].
In healthcare settings, human error encompasses more than just clicking on phishing links. It also includes ignoring security protocols and sharing credentials—behaviours that are often driven by high workloads, inadequate training time, and the perception that cybersecurity is not among clinical responsibilities. Research has shown that when training is not tailored to specific roles and contexts, staff members remain highly vulnerable to phishing attacks, especially those that seem to originate from trusted internal sources. This highlights the importance of incorporating behavioural insights and the organisational context into cybersecurity awareness programmes [21].
1.4. Cyber Threats in Healthcare
Ransomware is one type of cyberattack that healthcare organisations are particularly vulnerable to. There were 68 ransomware attacks on healthcare organisations globally, according to the researchers of a previous study [22]. The healthcare industry lacks cybersecurity training, with 61% of practitioners citing time constraints. Only 4% of organisations hold weekly cybersecurity training sessions, while the majority (more than 25%) hold them sometimes. Approximately 10% of practices never provide any training. Because people are a practice’s first line of defence, insufficient training makes it less likely that the practice will be able to adequately defend itself [23].
According to Proofpoint’s Regional Director for the Middle East and Africa, the healthcare sector is falling victim to hackers due to the sensitive patient data these institutions hold. In addition, healthcare organisations are prime targets for ransomware attacks because attackers know that these businesses will pay to quickly get their systems back up and running [24]. The information security policies and controls of healthcare businesses are in danger, and electronic medical records (EMRs) are particularly vulnerable, according to reports from information security authorities. These threats can originate from inside or outside the company. Out of 41,686 security events, 2,013 were data breaches, according to Verizon’s 2019 Data Breach Investigation Report (DBIR) [25].
Healthcare organisations are among the most frequently targeted by cyberattacks worldwide. This vulnerability stems from a mix of outdated IT systems, inadequate investment in cybersecurity, and the need for uninterrupted operation. This situation underscores the importance of providing regular, role-specific training that is tailored to real healthcare environments [26].
For the thirteenth year running, healthcare organisations have recorded the highest expenditures among all businesses (see Figure 1). Costs associated with data breaches in the healthcare industry were projected to rise from USD 10.10 million in 2022 to USD 10.93 million in 2023, an increase of 8.2%, making it the industry with the highest average cost. Having stood at USD 7.13 million in 2020, the healthcare industry’s average data breach cost increased by 53.3% over the following three years (see Table 1).
Since the US government considers healthcare a critical infrastructure, the industry is subject to heavy regulation. After the COVID-19 outbreak, the industry’s average data breach costs became much higher [27].
1.5. Statistics on Cyber Threats in Saudi Arabia
According to a recent analysis from the cybersecurity firm Kaspersky, the KSA was the target of about one million phishing attacks in the second quarter of 2020. According to Kaspersky’s spam and phishing report [28], there were 973,061 phishing attacks in the Kingdom over these three months. Attacks against Saudi Arabia, in particular, included a denial-of-service attack that affected the Saudi Ministry of Health’s website and services in 2020 [29]. Over the previous five years, healthcare data breaches increased, with a staggering 42% increase in 2020, the year the pandemic was declared. In 2020, healthcare organisations were the target of 60% of all ransomware attacks.
According to research by Sophos [22], ransomware allegedly hit 34% of healthcare organisations worldwide in 2020. The Saudi National Cybersecurity Authority’s Cybersecurity Quarterly Bulletin for the fourth quarter of 2020 states that, worldwide, the healthcare sector is the third most targeted sector, with 14% of all attacks coming from hackers. In the KSA, unauthorised activity is the top threat, and data leakage ranks fourth [30].
There was a 32% rise in cyberattacks on Saudi Arabian firms in 2020 compared to 2019, according to the National Cybersecurity Authority (NCA). The research also found that phishing attacks and malware were the most prominent types of cyberattacks. Some cyberattacks target Saudi Arabia more than any other country. Some of the world’s most severe losses due to cyberattacks occur in Gulf nations. The average cost of a cyberattack on an organisation in Saudi Arabia and the United Arab Emirates was USD 6.53 million in 2020, according to statistics from IBM [31], which is 69% of the global average. The number of phishing attacks in 2020 was highest in the KSA among the Gulf Cooperation Council nations.
Cybercriminals prioritise the KSA and consider it a primary target. An expert in cybersecurity has proposed two possible causes for the rise in cyberattacks on the KSA: the country’s expanding digital infrastructure and its significance in the global oil and energy markets [16,18].
According to a Kaspersky analysis, attacks in Saudi Arabia posing data loss threats surged by 168% in Q2 2022 compared to the previous quarter. According to the company’s security solutions, there were 5,808,946 phishing attacks in Q2 [32].
Kaspersky’s yearly study of the status of spam with phishing threats revealed a consistent pattern for 2022: a significant increase in phishing attacks. This trend persisted in 2023, when it increased by more than 40% [15].
According to IBM research, the banking sector had the highest overall cost of data breaches in 2023, at SAR 35.29 million. The energy sector came in second with SAR 33.75 million, while data breach costs in the healthcare sector totalled SAR 32.46 million [33].
According to the data collected in 2023, implementing backdoors was the most prevalent attacker activity in the instances that X-Force reacted to in Saudi Arabia, accounting for 40% of the total. Additional activities include ransomware, adware, and spam campaigns [13,14]. Kaspersky [15] predicted a 40% increase in phishing attacks in 2023. The healthcare sector was the third most attacked in Q1 2023, with an average of 1684 attacks per week [23].
These alarming statistics reveal a concerning trend: the healthcare sector in Saudi Arabia is shifting from being a secondary target to a high-priority focus for cybercriminals, especially those employing phishing techniques. Compared to other regions in the Middle East and around the world, Saudi Arabia’s healthcare infrastructure faces significant challenges in terms of awareness, staff preparedness, and cybersecurity policies. Although national investment in cybersecurity has increased, there is still a need to address this disparity. It is crucial to develop localised strategies that consider the cultural and systemic factors unique to the Saudi healthcare context [34].
1.6. Organisational Demographics in Healthcare
One hundred fifty-nine healthcare cybersecurity experts participated in the HIMSS Healthcare Cybersecurity Survey in 2022. The daily task of overseeing or operating cybersecurity practices fell to these experts. Regarding healthcare cybersecurity initiatives, most respondents (67.30%) held the primary responsibility within their organisations. For the others, it was either as required (12.58% of the time) or at least some responsibility (20.13%). In terms of organisational profile, healthcare provider organisations (59.75%), suppliers (11.32%), consulting companies (8.18%), and government agencies (7.55%) employed the majority of respondents.
Figure 2 depicts the different kinds of organisations with cyber threats, while Figure 3 provides the overall phishing data in the healthcare industry [35,36].
Figure 4 displays the country’s most prevalent cyber threats in 2022, while Figure 5 depicts the Ministry of Health’s cyber threat issues in Saudi Arabia [37,38]. Public health centres, hospitals, laboratories, pharmacies, and allied health facilities are all part of the Ministry of Health’s healthcare organisation, which has twenty directorates. The MOH has many excellent facilities, with 2094 primary health centres and 249 hospitals; the MOH’s five rural and urban zones represent different geographical distributions.
Table 2 shows the Ministry of Health’s healthcare resources, including nurses, pharmacists, and medical support workers. Table 3 indicates the number of hospitals in Saudi Arabia’s health sector, which will increase in the next five years [38].
The demographic data underscores the complexity and scale of Saudi Arabia’s healthcare sector, which includes a wide range of facilities and personnel in both public and private sectors. Understanding this structure is essential for developing effective cybersecurity interventions that cater to both urban and rural environments, as well as to clinical and administrative roles. Additionally, the anticipated increase in the number of hospitals and healthcare workers under Vision 2030 emphasises the urgent need for scalable and sustainable training programmes integrated into institutional human resource development (HRD) frameworks. Without customised policies and role-specific cybersecurity protocols, the expanding healthcare system may exacerbate existing vulnerabilities rather than alleviate them [39].
This article examines email communication practices to better understand cybersecurity among healthcare employees in Saudi Arabia by examining surveys from relevant research and the results of a qualitative study conducted among employees of the Saudi health sector.
To the best of the author’s knowledge, this is the first study to investigate phishing susceptibility specifically through the lens of daily email communication within Saudi hospitals. By addressing this overlooked aspect, the study offers practical insights that can inform culturally tailored awareness strategies and institutional cybersecurity interventions.
This article is structured as follows:
- Section 2 discusses related studies relevant to this research.
- Section 3 presents the theoretical framework.
- Section 7 discusses the findings of the research.
- Section 8 provides a discussion of the research.
1.7. Overview of Research Gap
While there is an increasing amount of global research on phishing and email-based cyber threats, there is still a limited understanding of how healthcare professionals in Saudi Arabia experience and respond to these risks. Many studies fail to consider the human and cultural aspects of email communication within clinical settings. This study addresses that gap by examining the real-world communication behaviours and cybersecurity awareness of healthcare workers in Saudi Arabia, a nation undergoing rapid digital transformation as part of Vision 2030.
1.8. Problem Statement
Phishing remains one of the most prevalent cybersecurity threats worldwide, with over 95% of data breaches attributed to human error [18]. Phishing attacks in Saudi Arabia increased by 168% in the second quarter of 2022, with healthcare organisations becoming primary targets [32]. In 2024, more than 1.8 million email-password credentials from popular Saudi domains were leaked on the dark web, many associated with healthcare institutions [11].
Despite this increasing threat, many healthcare employees lack sufficient training to identify and respond to phishing attempts, particularly those disguised as internal communications. In Saudi hospitals, email is the primary mode of communication.
While global studies have examined phishing awareness, there is limited research focused on how healthcare staff in Saudi Arabia perceive and respond to phishing threats via email. This study aims to fill that gap by investigating the behavioural, linguistic, and organisational factors that influence phishing susceptibility in Saudi healthcare settings.
1.9. Purpose Statement
This study aims to explore how email communication practices among healthcare employees in Saudi Arabia affect their vulnerability to phishing threats. By examining behavioural, cultural, and organisational factors, the research seeks to identify weaknesses and offer recommendations to improve cybersecurity awareness and protection within the healthcare sector.
1.10. Significance of the Study
As cyber threats continue to rise in the healthcare sector, it is crucial to understand how employees interact with email. By focusing on the Saudi healthcare system, the study addresses a region where digital transformation is advancing rapidly under Vision 2030, yet cybersecurity awareness remains inconsistent.
The findings of this study can assist hospital administrators, IT security teams, and national policymakers in creating more effective and culturally appropriate cybersecurity training programs. These programs can enhance employee awareness, reduce the risk of email-based attacks, and ultimately safeguard sensitive patient data and healthcare operations.
In addition to its practical implications, this research contributes to academic literature by addressing a gap in the study of phishing awareness in healthcare environments.
2. Related Studies
As stated by Alzubaidi [5], the rapid advancement of information technology (IT) has allowed many people to access the internet. However, it has also brought about serious security risks. Important data such as passwords, financial accounts, and other confidential information are enticing targets for attackers. Cyberattacks on this infrastructure can result in data breaches, significant economic losses, and even loss of life.
Almaghrabi, Saddig, Bugis, and Bussma Ahmed [30] discussed the likelihood of unauthorised access to vital data and how health institutions might face a significant privacy breach. Unauthorised access to patient healthcare data can result in serious permanent harm or even death. For patient safety, it is essential to include cybersecurity in healthcare operations. Another area in which the healthcare industry must collaborate is the fight against cybercrime and the prevention of unauthorised access to patient data. With the rapid shift from paper to electronic health records (EHRs), identifying, studying, and resolving the challenges that EHRs encounter in protecting patient privacy is more significant than ever.
Zarour et al. [40] described how data integrity remains problematic in the modern healthcare system. Data integrity ensures that the data is both accurate and uncorrupted. Fraud, misconduct, inadequate care, and data theft are just some of the problems that might arise from inaccurate data, which can pose significant health threats to patients and doctors. Handling healthcare data in such a potentially risky environment is very challenging. With a focus on Saudi Arabia’s specific circumstances, this research aims to outline the strategy for managing threats to healthcare data integrity utilising a variety of attack statistics from across the globe, including Saudi Arabia.
Tushar Khinvasara and Stephanie Ness et al. [41] described the growth in healthcare IT as having many positive effects. However, it is also susceptible to significant threats from hackers, organised crime, and terrorist groups. Additionally, there are new possibilities for exploiting weaknesses in the information systems of different industrial units and new problems brought about by the simultaneous proliferation of networked devices. Complex and ever-evolving cyber threats are a persistent challenge for the healthcare industry. The healthcare business requires specialised strategies to prevent, detect, and analyse threats.
Ala’a M., T. Ramayah, and Mohammed A. Al-Sharafi [42] discussed the rapidly evolving healthcare industry, emphasising the critical role of electronic health records (EHRs) in digital transformation. They highlighted the paramount importance of cybersecurity in safeguarding sensitive data from new and evolving threats. Unlike previous research, their study explores how cybersecurity impacts healthcare workers’ utilisation of electronic health record systems and their productivity. The researchers propose that increased usage of systems perceived to be beneficial can enhance healthcare delivery. Their findings underscore the necessity of robust cybersecurity measures and the establishment of trust in seamless EHR integration to advance healthcare outcomes and EHR system adoption in Jordan.
Kotkova, B. [43] asserted that information technology is critical to human activities today. In most countries, the security and health sectors heavily rely on information technology, a dependency that the global COVID-19 pandemic has further emphasised. Data digitisation has brought about positive aspects, such as increased availability, fast transmission, and necessary information processing. Nevertheless, it has also introduced challenges, such as constant attempts to steal, destroy, or abuse data. Healthcare is particularly vulnerable to such attacks.
According to Zhou et al. [44], the COVID-19 pandemic has affected over one billion people so far this year. As a result, the use of various internet technologies has increased, which has also raised the risk of cyberattacks. Modern healthcare systems heavily rely on digital information and technology to aid doctors, nurses, and researchers in efficiently understanding and addressing patient issues. Unfortunately, during the COVID-19 crisis, attackers targeted these healthcare organisations, hindering their ability to help people during the pandemic.
Alanazi, Khalid [45] defined an essential aspect of Saudi Vision 2030 as healthcare reform, which aims to reorganise the healthcare sector to create a system that puts the health of all citizens first by being more all-encompassing, accessible, inexpensive, efficient, and integrated. To reduce illness and improve public health, this system will provide value-based care that is transparent, high-quality, and financially stable. There have been notable advancements in Saudi Arabia’s plan to complete healthcare reform by 2030. Problems remain because of a growing population, higher rates of avoidable injuries, healthcare quality discrepancies, inadequate primary healthcare services, a shortage of human resources, and disjointed information technology infrastructure in the healthcare system. Consequently, a more revolutionary approach is required to enhance the performance of the healthcare sector, improve the welfare of KSA inhabitants, and optimise cost-effectiveness and health outcomes while raising service standards and consistency.
Despite the increasing amount of literature on cybersecurity in healthcare, limited research specifically addresses phishing threats within the context of Saudi Arabia. Most studies focus on general data security or electronic health records [4], with few examining the behavioural and organisational vulnerabilities that make healthcare employees susceptible to phishing attacks. This gap highlights the need for qualitative research that explores how email communication practices and institutional policies influence phishing exposure in healthcare settings in Saudi Arabia.
Table 4 summarises the main objectives and key findings from the most relevant studies on cybersecurity in healthcare.
3. Theoretical Framework
This study employs Protection Motivation Theory (PMT) as its primary framework to understand how healthcare workers in Saudi Arabia perceive and respond to phishing threats in their daily email communications. Originally developed by Rogers in 1975, PMT has been widely used in cybersecurity research to examine how individuals assess risks and engage in protective behaviours [46]. The theory consists of four central constructs: perceived severity, perceived vulnerability, response efficacy, and self-efficacy. These components align closely with the study’s goal of exploring how healthcare employees interpret and manage email-based threats.
Although this study does not utilise a formal theoretical framework for hypothesis testing, PMT provides a valuable perspective for interpreting behaviours related to threat perception and security responses. It helps organise emerging themes and anchors behavioural insights in a well-established psychological model, thereby providing practical guidance for developing effective cybersecurity interventions [47,48]. Given that this research follows a qualitative exploratory design, it aims to generate insights based on lived experiences rather than test a predefined model. In this context, PMT serves as a flexible interpretive tool rather than a rigid framework.
The research questions were informed by the core constructs of PMT. For example, they explore how healthcare staff perceive the seriousness of phishing threats (perceived severity), how vulnerable they feel to such attacks (perceived vulnerability), their belief in the effectiveness of protective actions (response efficacy), and their confidence in identifying and avoiding phishing attempts (self-efficacy). During data analysis, each emergent theme was conceptually mapped to one or more PMT components. For instance, themes related to inconsistent training and lack of awareness were associated with low self-efficacy, while concerns about job repercussions or data loss were linked to perceived severity. This mapping allowed for a deeper theoretical interpretation of the findings and elevated the analysis beyond surface-level description.
While PMT is the central framework, the study also draws on Trust Theory and a stakeholder perspective to enrich specific interpretations. Trust Theory helps explain how perceived authority and legitimacy may influence responses to phishing—e.g., a nurse may trust and act on a phishing email that appears to come from a senior administrator [49]. Likewise, the stakeholder perspective frames cybersecurity not just as an individual concern but one that affects patients, administrators, and public institutions. A single cyber incident can impact patient safety, institutional reputation, and compliance [50].
By integrating PMT into the research questions, data analysis, and discussion, the study maintains theoretical cohesion and explanatory depth. This balance between rigour and flexibility is essential in qualitative research.
4. Research Methodology
4.1. Research Method
This study employed a qualitative exploratory research design using descriptive phenomenology to explore how healthcare staff in Saudi Arabia experience and respond to cyber-threat-related email communication. Phenomenology focuses on understanding how individuals perceive and live through specific experiences, aiming to capture their perspectives without imposing external theories [51]. This approach was chosen because it is especially suitable for exploring under-researched areas where depth and personal insight are essential, such as how staff recognise phishing, interpret email communication, and perceive cybersecurity training [52]. Due to the interpretive nature of the study and its focus on lived experiences, phenomenology provides the most suitable methodological framework for understanding behaviour and perception variations in phishing-related email interactions.
While Protection Motivation Theory (PMT) is later used in this study to conceptually interpret the findings, the research approach itself is intentionally inductive and atheoretical. This decision is based on the principle that descriptive phenomenology aims to uncover meaning from participants’ lived experiences without the constraints of a pre-existing theory. A theory-driven approach could have filtered or shaped the data through specific constructs, thereby limiting the emergence of novel insights. By remaining open to what participants naturally reveal during interviews, the study prioritises authenticity, cultural context, and experiential depth, dimensions that are often underrepresented in cybersecurity literature. This atheoretical stance allows for richer and more grounded contributions that complement, rather than compete with, theoretical models such as PMT.
4.2. Data Analysis Method
To analyse the data, this study followed Colaizzi’s seven-step method [
53,
54], which included reading the transcripts, extracting significant statements, formulating meanings, grouping them into themes, writing detailed descriptions, identifying the core structure of experiences, and validating findings with the participants. This structured and systematic method ensured that the analysis was both thorough and trustworthy.
Colaizzi’s method provided a structured approach to thematic analysis, with initial coding conducted manually and reviewed iteratively to ensure consistency and reliability. The themes were validated by cross-referencing with participant transcripts to establish credibility.
To enhance the validity of the analysis, the coding process was meticulously documented and revisited at various stages to minimise potential researcher bias. Analytical memos and reflective notes were kept to ensure clarity in theme development and interpretation.
The findings were conceptually mapped against the constructs of Protection Motivation Theory (PMT), including perceived severity, self-efficacy, and response efficacy. This approach helped align the emerging themes with the psychological mechanisms that explain security behaviours.
As a final validation step, summaries of the findings were shared with a randomly selected group of 12 participants for member checking. All participants confirmed that the themes accurately represented their experiences, which enhanced the credibility and trustworthiness of the results.
4.3. Research Objectives
This study aims to explore and understand email communication practices in healthcare organisations in Saudi Arabia to enhance cybersecurity. Effective email communication is vital for ensuring efficient and secure information exchange within healthcare settings, where sensitive data is frequently shared and email remains a primary method of interaction. By analysing current practices and identifying potential vulnerabilities, this study seeks to contribute to the development of safer and more effective communication methods, ultimately strengthening cybersecurity measures in the Saudi healthcare sector.
The specific objectives of this study are as follows:
RO 1: To examine the types and content of emails sent to healthcare staff in Saudi Arabia, and how they are perceived in terms of risk and clarity.
RO 2: To identify and assess the approved language and communication standards in official emails within the Saudi healthcare sector, particularly in relation to perceived trust and authority.
RO 3: To explore individuals’ personal experiences with phishing emails and identify the common types of content used in phishing attempts, along with their perceived severity and vulnerability.
RO 4: To evaluate the effectiveness of current training programmes designed to enhance cybersecurity awareness, self-efficacy, and protective responses among healthcare staff in Saudi Arabia.
4.4. Research Questions
To achieve these objectives, this study addresses the following research questions:
RQ 1. What types and content of emails are commonly used in Saudi healthcare organisations and how are they interpreted by staff?
RQ 2. What are the approved language and communication standards for official emails in the Saudi healthcare sector, and how do they influence employee trust and response?
RQ 3. What types of content are commonly found in phishing emails based on personal experiences, and how do staff perceive their severity and vulnerability to such threats?
RQ 4. How effective are the existing training programmes in raising cybersecurity awareness, improving response efficacy, and building self-efficacy among healthcare staff in Saudi institutions?
4.5. Research Gap
Although cybersecurity in healthcare has received increasing global attention, limited research specifically focuses on email communication practices within the Saudi healthcare context. Most studies concentrate on technical defences, overlooking the human factor. There is a lack of data regarding how healthcare staff perceive, respond to, and are trained in addressing phishing and email threats. Additionally, the effectiveness of current training programmes and communication standards remains largely unexplored. This study aims to fill this gap by examining the real-world email practices and experiences of healthcare workers in Saudi Arabia.
4.6. Procedures and Methodology
A qualitative framework enabled an in-depth investigation of lived experiences. Semi-structured interviews were conducted with healthcare staff from various regions in Saudi Arabia and with different professional backgrounds. The researcher collected data and conducted the interviews with care to obtain valuable insights from the participants.
The interviews lasted between 20 and 30 min and were conducted using Newcastle University’s Microsoft Teams platform. The participants answered open-ended questions, such as “What types of phishing emails do you receive?”, to promote detailed and reflective responses. All interviews were audio-recorded with the participants’ consent, transcribed verbatim, and anonymised before analysis.
To ensure cultural sensitivity and minimise hierarchical bias, which is common in healthcare institutions, interviews were conducted in private. Participants were assured that no identifying information would be included in transcripts or reports.
Data saturation was achieved by the 35th interview, at which point no new themes emerged. Five additional interviews were conducted to confirm this saturation.
After analysis, summaries of the findings were provided to 12 randomly selected participants for member checking. All confirmed that the descriptions accurately reflected their experiences, which enhanced the credibility of the findings.
4.7. Design
This study utilised a descriptive phenomenological design to uncover underlying experiences without preconceived theoretical assumptions. This approach enabled the identification of significant themes related to email communication and cybersecurity awareness.
4.8. Ethical Consideration
Ethical considerations were a crucial aspect of the study:
Ethical Approval: Ethical approval for this study was granted by the University Ethics Committee at Newcastle University (Ref: 50647/2023), and all methods were carried out in accordance with relevant guidelines and regulations.
Informed Consent: The participants provided informed consent, confirming their voluntary participation and understanding of the study’s objectives.
Confidentiality and Anonymity: All participants’ identities were kept confidential.
Secure Data Storage: All collected data were stored in digital environments that comply with Newcastle University’s data protection policies. The data were saved exclusively on the researcher’s university-provided device, which is kept in a secure location within the researcher’s private office. Access to the device is protected by a personal password known only to the researcher. A backup is also stored in Newcastle University’s cloud storage system, which encrypts stored data and requires university credentials for access. This multi-layered approach protects the confidentiality, integrity, and availability of all collected data.
Compliance with guidelines: All procedures were conducted in compliance with the relevant guidelines and regulations.
4.9. Participants and Sample Size
A total of 40 participants were selected through purposive sampling to ensure they had direct experience with using institutional email. The sample comprised medical and technical staff from various Saudi regions, and data saturation was successfully achieved.
The sample size was determined based on qualitative research literature recommendations, which suggest that 20 to 40 participants are sufficient for phenomenological studies aimed at gaining rich thematic insights [
52,
55].
4.10. Motivation for the Study
Rising Cyber Threats: Healthcare facilities in the Middle East, particularly in Saudi Arabia, are increasingly targeted by cyberattacks due to ongoing digital transformation.
Strategic Relevance: Saudi Arabia’s Vision 2030 and its position as the region’s most advanced economy make it a crucial case for studying healthcare cybersecurity.
Need for Insight: Understanding staff experiences and vulnerabilities is essential for assessing current cybersecurity practices and informing more effective defences in the future.
5. Data Collection
Data collection was conducted over a period of 8 weeks, during which 40 participants were interviewed. The sample consisted of 30 medical staff (including doctors, nurses, and allied health professionals) and 10 IT/technical staff, drawn from various regions across Saudi Arabia. The participant group was evenly split by gender, with 20 males and 20 females. Participants were selected through purposive sampling to ensure they had direct experience using institutional email.
Figure 6 shows the gender distribution of the participants, with an equal number of male and female respondents.
Figure 7 displays the job categories of the participants, highlighting the proportions of health workers and technical staff involved in the study.
Figure 8 shows the distribution of the participants across various regions of Saudi Arabia, emphasising the geographical diversity of the sample, which enhances the study’s representativeness.
All interviews were conducted remotely via Microsoft Teams, ensuring accessibility and safety for participants from various locations. Each interview lasted between 20 and 30 min and followed a semi-structured format guided by 12 open-ended questions. To promote comfort and clarity, the interviews were conducted in Arabic, the participants’ native language. This approach aimed to gather more authentic and valuable insights into their experiences. The format allowed for consistent coverage of core topics while also providing the flexibility to explore individual perspectives in greater depth.
The interviews focused on four key areas: (1) the types and content of emails received by healthcare staff, (2) the language and communication standards used in professional emails, including the balance between Arabic and English, (3) the participants’ experiences with phishing emails, including examples and their reactions, and (4) the availability and effectiveness of cybersecurity training provided to staff.
All interviews were audio-recorded with participant consent and later transcribed verbatim to ensure accuracy. The transcription process was completed over a four-week period, and all data were securely stored on a password-protected device.
6. Data Analysis
Data were analysed using Colaizzi’s seven-step phenomenological method. This method involved familiarising ourselves with the transcripts, extracting significant statements, formulating meanings, clustering themes, and validating findings with the participants. The analysis was conducted manually to allow for deeper, more immersive engagement with the data, ensuring that the nuances and context of the participants’ lived experiences were fully understood and interpreted without relying on automated coding tools. Manual analysis is particularly suitable in phenomenological research, where the researcher’s sensitivity and contextual understanding are critical for accurately capturing the meaning of the participants’ narratives [
53,
54]. This approach ensured rigour and alignment with the participants’ experiences. The steps were as follows:
Step 1: Reading all participants’ transcripts to gain a general sense of their experiences.
Step 2: Extracting significant statements directly related to the phenomenon under study.
Table 4 illustrates key statements from participants that showcase their views and practices regarding email communication in healthcare settings.
Step 3: Formulating meanings from these significant statements.
Table 5 outlines how these significant statements were analysed to formulate meanings related to the use of official email communication.
Step 4: Organising formulated meanings into clusters of themes.
Table 6 shows the emerging theme clusters that were developed from the formulated meanings, reflecting communication practices among staff.
To ensure analytical rigour, the coding process in Steps 3 and 4 was conducted manually by the primary researcher to maintain confidentiality and protect data. After the initial coding and theme development, the results were reviewed and refined in consultation with the research supervisors during peer debriefing sessions. This approach helped confirm that the formulated meanings and emerging themes were firmly grounded in the participants’ narratives and not influenced by researcher bias.
Table 7 presents the development of theme clusters derived from the formulated meanings, highlighting how specific meanings were grouped into broader emergent themes.
Table 8 illustrates a thematic map that categorises the themes into broader domains of email content, language, and types of phishing emails.
Due to the extensive qualitative data gathered from 40 interviews, the analysis required multiple rounds of reading and manual coding to maintain transparency in theme development. Each significant statement and its meaning were carefully examined and organised into clusters, allowing the final themes to emerge naturally from the data. This iterative process supported a rigorous and inductive approach consistent with Colaizzi’s method.
Step 5: Exhaustively describe the investigated phenomenon based on the thematic clusters.
Step 6: Formulate a fundamental structure of the phenomenon.
Step 7: Review the findings with the participants for validation.
In Step 7, summaries of the identified themes were sent to 12 randomly selected participants via secure email. The participants were asked to review the thematic descriptions and confirm whether they accurately reflected their lived experiences. All participants responded positively, which reinforced the credibility and trustworthiness of the thematic findings.
7. Findings
By applying Colaizzi’s phenomenological analysis to 40 in-depth interviews, twelve core themes emerged, providing valuable insights into the linguistic, technical, procedural, and cultural aspects of digital communication within healthcare institutions.
These themes illustrate how healthcare staff utilise email as both a functional and symbolic tool while facing challenges related to language use, message structure, departmental communication norms, and institutional cybersecurity protocols. Each theme is supported by direct participant narratives, which add depth and authenticity to the analysis. The findings are organised around these emergent themes and related clusters, presenting a comprehensive overview of cybersecurity and practices in Saudi healthcare settings.
Additionally, elements of Protection Motivation Theory (PMT), such as perceived severity, vulnerability, and self-efficacy, proved useful in understanding participants’ awareness and reactions to phishing threats, as evidenced across multiple themes.
Results related to the first research question:
Emergent Theme 1—Types of Emails
Theme Cluster:
Announcements, Notifications, Tasks, Circulars, Congratulations
The participants elaborated on the various types of emails they frequently handle, including announcements and notifications. One participant said, “These different types of emails are a primary way of sharing important news and keeping everyone updated” (Participant 17).
Emergent Theme 2—Email Content
Theme Cluster:
Attachments, Texts, Images, Links, Posters, Barcodes
The participants shared insights into how email content, such as attachments and links, is used to enhance communication. One participant explained, “Attachments like PDFs and images help clarify tasks” (Participant 2). This reduces ambiguity and improves task execution.
Results related to the second research question:
Emergent Theme 3—Communication Practices
Theme Cluster:
Email for Communication
Emails play a crucial role in formal communication. One participant explained, “Official communications are always sent via email to ensure documentation, making it easier to track and refer back if needed.” (Participant 10). This ensures accountability and a formal trail for decision-making processes.
WhatsApp for Communication
The participants highlighted that WhatsApp is commonly used for quick and informal communication. One participant said, “WhatsApp is faster than email for on-the-spot decisions” (Participant 15). Its immediacy allows team members to resolve issues swiftly, particularly during time-sensitive scenarios. This preference for informal channels also raises issues concerning trust and response efficacy, as proposed by Protection Motivation Theory.
Emergent Theme 4—Communication Language
Theme Cluster:
Predominantly Arabic
The participants emphasised that Arabic serves as the primary language for communication. One participant explained, “Emails in Arabic ensure that everyone understands the content and avoids confusion” (Participant 15). This reflects the cultural and linguistic preferences of the workforce, enhancing inclusivity.
Occasional English
The participants expressed a preference for using English in certain contexts, particularly when communicating with medical or international companies. One participant noted, “Emails are written in English for clarity, and it is the language of communication in medical companies” (Participant 10). Utilising English in these situations helps ensure accuracy and aligns with global professional standards.
Dual Language
The participants discussed the necessity of using both Arabic and English in certain communications. One participant stated, “Sometimes, bilingual emails are necessary to ensure everyone understands” (Participant 11). This strategy is particularly beneficial in diverse workplaces with multilingual teams.
Emergent Theme 5—Timing
Theme Cluster:
During Working Hours
The participants remarked on the common practice of sending emails during working hours. One participant explained, “Emails during official hours help maintain boundaries” (Participant 20). This practice helps reduce stress and promotes work–life balance.
After Working Hours
The participants discussed limiting after-hours emails to urgent matters only. One participant stated, “Emergency emails are sent after hours only when necessary” (Participant 6).
Results related to the third research question:
Emergent Theme 6—Phishing email
Theme Cluster:
Official Email
The participants observed that phishing emails often target official accounts with deceptive content. One participant explained, “These emails may include fake job offers designed to look authentic” (Participant 12). Such targeted attempts exploit trust within organisational systems.
Personal Email
The participants mentioned that personal email accounts are frequently targeted by phishing attempts. One participant shared, “Scammers often send phishing emails with lucrative advertisements” (Participant 6).
Emergent Theme 7—Types of Phishing
Theme Cluster:
Marketing Offers, Job Offers, Banking Services, Profitable Advertisements
The participants described encountering various types of phishing emails, including job and marketing scams. One participant stated, “Many phishing emails claim to offer high returns on profits” (Participant 11).
Emergent Theme 8—Differences in Functionality
Theme Cluster:
Medical, Technical
The participants noted variations in email usage between departments, such as medical and technical teams. One participant said, “In the medical department, emails are used for patient records and updates” (Participant 7).
Emergent Theme 9—Regional Disparities
Theme Cluster:
Differences in Practices Between Urban and Rural Settings
The participants discussed the differences in cybersecurity practices observed between urban and rural areas. One participant said, “Urban teams are generally more aware of email phishing threats” (Participant 3).
One participant noted, “Rural areas have a low awareness of email phishing threats” (Participant 19).
Differences in Cybersecurity Knowledge Across Regions
The participants commented on the varying levels of cybersecurity knowledge between regions. One participant noted, “In my opinion, the central region has greater awareness of cybersecurity than other regions because the Ministry of Health is based there” (Participant 3). This highlights the structural disparities that influence employees’ feelings of vulnerability and their perception of how effectively they can respond to situations (which are key components of Protection Motivation Theory).
Results related to the fourth research question:
Emergent Theme 10—Training and Awareness
Theme Cluster:
Lack of Structured Workshops, Awareness Gaps, Absence of Mandatory Programmes
The participants highlighted a lack of training as a significant factor impacting cybersecurity awareness. One participant shared, “Without structured workshops, employees remain unaware of how to identify phishing emails” (Participant 2).
Need for Structured and Mandatory Training for Employees
The participants emphasised the need for mandatory training programmes to bridge knowledge gaps. One participant explained, “Regular workshops are crucial for equipping employees to handle cybersecurity challenges” (Participant 7).
Emergent Theme 11—Cybersecurity Challenges
Theme Cluster:
Varied Awareness Levels Among Staff, Training Needs
The participants highlighted inconsistencies in awareness levels and the urgent need for improved training programmes. One participant shared, “Some employees struggle to distinguish between legitimate and phishing emails” (Participant 9).
Emergent Theme 12—Recommendations for Improvement
Theme Cluster:
Workshops, Awareness Programmes, Mandatory Training Courses, Security Tests, Control of Internal Networks, Electronic Platform on Cybersecurity in Health
The participants provided several recommendations to strengthen cybersecurity measures. One participant explained, “Structured workshops and mandatory training are key to improving cybersecurity” (Participant 12).
“Training courses should be mandatory for all individuals.” (Participant 32).
A significant concern raised by the participants was the frequent use of informal communication platforms, such as WhatsApp, for urgent or non-official messaging. While these platforms are convenient, relying on them often bypasses formal cybersecurity protocols, putting healthcare organisations at risk.
Another issue identified was the use of both Arabic and English in email communication, which complicates the implementation of standardised security measures and creates confusion among staff who come from diverse professional and linguistic backgrounds.
The results also highlight broader issues related to communication practices, including the timing of messages, the types and content of emails sent, and the methods used for training and raising awareness.
These findings indicate that cybersecurity risks are not solely technical; they also have socio-cultural dimensions. Addressing these risks requires interventions that consider both behavioural economics, such as nudges, and the dynamics of employee trust. These insights will be further examined in the discussion section.
Figure 9 presents a thematic map derived from the qualitative analysis. It highlights key emerging themes related to email communication practices, cybersecurity challenges, and phishing risks within Saudi healthcare settings. The map organises insights into several categories, including regional disparities in awareness, gaps in training, the timing and content of communication, functional roles, and language usage. Additionally, it illustrates different types of phishing emails and provides corresponding recommendations for improvement.
8. Discussion
This study significantly enhances our understanding of the experiences of Saudi healthcare professionals regarding email communication practices and their implications for cybersecurity.
It thoroughly explores email communication practices and the cybersecurity challenges faced in the Saudi healthcare sector. Using Colaizzi’s phenomenological method, the research identifies twelve themes that provide valuable insights into both the benefits and drawbacks of email usage in healthcare settings.
The findings reveal various challenges, including cybersecurity vulnerabilities, communication protocols, and organisational practices. The participants highlighted several issues, such as disparities in cybersecurity awareness, the absence of structured training programmes, and employees’ limited ability to recognise phishing attacks and other cybersecurity threats.
This discussion places these findings within the current academic literature, linking them to and expanding upon existing research in the fields of communication and health informatics.
The analysis incorporates key theoretical models, particularly Protection Motivation Theory (PMT), Trust Theory, and Nudge Theory, to interpret the behaviours and decision-making patterns of healthcare employees. These frameworks enhance the analysis by offering a psychological and organisational perspective, which helps to explain the observed differences in awareness, practices, and responses.
These findings support and expand upon key concepts of Protection Motivation Theory (PMT), specifically perceived vulnerability, response efficacy, and self-efficacy. Participants recognised phishing threats but expressed limited confidence in their ability to detect such emails. They also perceived the training programmes as inadequate, which aligns with fundamental aspects of PMT. Additionally, the importance of trust in internal communications, where phishing emails can often seem credible, emphasises the relevance of Trust Theory. Together, these frameworks highlight that cybersecurity risks are not solely technical; they also possess socio-cultural dimensions. Therefore, interventions should be designed to address both behavioural economics and the dynamics of organisational communication.
8.1. Types and Content of Email
In Saudi healthcare, email is widely used for formal communication, including notifications, circulars, task assignments, announcements, and congratulatory messages. The participants emphasised that email plays a key role in maintaining documentation and ensuring accountability, which mirrors findings from earlier studies that highlight the importance of email in formalising communication and keeping clear records [
56,
57].
They also described how email content frequently contains attachments such as PDFs, images, barcodes, and links, which help to clarify tasks and provide additional context. This observation supports existing research that underlines the value of attachments in improving the comprehensibility and usefulness of emails in organisational settings [
58]. At the same time, however, the participants expressed concern over the risks associated with these attachments, particularly malicious links and barcodes, which are standard phishing tools. This concern echoes prior studies identifying such elements as frequent vectors for cyberattacks in healthcare environments [
59].
Task-related emails comprise a significant portion of this communication, often related to patient care coordination, administrative updates, and operational workflows. These uses are consistent with research showing that email facilitates coordination and recording decisions in complex healthcare settings [
60]. The participants also pointed out that celebratory emails contribute positively to team morale and workplace culture, a finding supported by previous work that recognises the social and motivational value of recognition-based communication [
61].
Nonetheless, there are risks. Several participants noted that vague subject lines or poorly written content could cause confusion or lead to overlooked tasks. Additionally, emails containing sensitive data are often sent without encryption, exposing them to unauthorised access, an issue long recognised in studies on email security and data protection [
62].
8.2. Reliance on Informal Communication Platforms
The participants reported a growing reliance on WhatsApp for urgent or informal communication, primarily due to its speed and ease of use. While this platform offers real-time communication, it lacks the institutional safeguards of official email systems, such as monitoring, retention and institutionally managed encryption and access controls. This mirrors concerns raised in previous studies about the security implications of using consumer messaging apps in professional healthcare settings [
63]. The participants agreed that institutions should implement stronger policies to discourage using such platforms for sharing sensitive information, which aligns with best practice recommendations in the literature [
64].
From the perspective of Trust Theory, the reliance on informal tools like WhatsApp may arise from the perceived familiarity and authority of the sender, regardless of the security of the platform. When messages seem to come from known individuals, recipients are likely to trust the content without verifying it. This assumption can undermine institutional cybersecurity efforts.
Many participants observed that while emails are the official method of communication, colleagues tend to reply more quickly on WhatsApp. This quicker response time has made WhatsApp the preferred choice for urgent situations, despite it not being officially approved for professional use. This situation underscores a disconnect between institutional policies and actual communication practices.
This approach, while practical, increases the risk of unmonitored data exchange and emphasises the need for secure yet responsive official communication tools.
8.3. Phishing Vulnerabilities
A recurring concern among the participants was the prevalence of phishing attacks targeting their professional and personal email accounts. They described receiving phishing emails disguised as job offers, bank notifications, or promotional content. These experiences reflect broader trends observed in the literature, which identifies healthcare organisations as frequent targets due to the high value of patient data [
65]. The participants agreed that increasing awareness, primarily through targeted training highlighting red flags such as unknown domains or unsolicited attachments, would significantly reduce the risk. This approach aligns with research advocating customised awareness strategies in healthcare environments [
66].
The findings are closely connected to the concepts of Protection Motivation Theory (PMT), especially regarding perceived vulnerability and response efficacy. Many participants expressed a lack of confidence in their ability to identify phishing attempts, which indicates low self-efficacy and a pressing need to enhance their coping appraisal. Additionally, attacks that mask themselves as internal communications from authority figures take advantage of the trust-based assumptions outlined in Trust Theory.
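As an added illustration that is not part of the study or of any institution’s tooling, the following Python script applies the red flags raised in Sections 8.1 and 8.3 (an unknown sender domain, a display name that borrows the institution’s name, a Reply-To that diverts replies elsewhere, link text that shows one host while the link points to another, and a risky attachment type) to a raw email message, using only the standard library. The trusted domain, the sender addresses and both sample messages are constructed for this example and use reserved .example and .test names; decoding barcodes or QR codes embedded in images is outside what it checks.

```python
"""Phishing red-flag triage for a raw RFC 5322 message.

Added example, not from the study. TRUSTED and both sample messages are
constructed for illustration (reserved .example/.test names).
"""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"hospital.example"}  # hypothetical institutional domain(s)
RISKY_ATTACHMENT_EXT = {".exe", ".scr", ".js", ".vbs", ".hta", ".iso", ".zip",
                        ".docm", ".xlsm", ".html", ".lnk"}
DOMAIN_LIKE = re.compile(r"[a-z0-9-]+\.[a-z]{2,}")  # does the link text look like a host?


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _host(s):
    s = s.strip()
    return (urlparse(s if "://" in s else "http://" + s).hostname or "").lower()


def _is_trusted(host, trusted):
    return any(host == d or host.endswith("." + d) for d in trusted)


class _LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def assess_email(raw, trusted=TRUSTED):
    """Return the red flags found in `raw` plus an overall verdict."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    display, from_addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(from_addr)
    reply_dom = _domain(parseaddr(msg.get("Reply-To", ""))[1])

    if from_dom and not _is_trusted(from_dom, trusted):  # unknown sender domain
        findings.append(f"sender domain not on trusted list: {from_dom}")
    for d in trusted:  # institutional name in the display name, external address behind it
        if re.search(rf"\b{re.escape(d.split('.')[0])}\b", display.lower()) and not _is_trusted(from_dom, {d}):
            findings.append(f"display name '{display}' implies {d} but address is @{from_dom}")
    if reply_dom and reply_dom != from_dom:  # replies silently redirected elsewhere
        findings.append(f"Reply-To domain ({reply_dom}) differs from From domain ({from_dom})")

    for part in msg.walk():
        fname = part.get_filename()
        if fname:  # unsolicited attachment of a type commonly used to deliver payloads
            ext = ("." + fname.rsplit(".", 1)[-1].lower()) if "." in fname else ""
            if ext in RISKY_ATTACHMENT_EXT:
                findings.append(f"risky attachment type: {fname}")
        elif part.get_content_type() == "text/html":  # deceptive or unknown link targets
            ex = _LinkExtractor()
            ex.feed(part.get_content())
            for href, text in ex.links:
                href_host = _host(href)
                text_host = _host(text) if DOMAIN_LIKE.search(text.lower()) else ""
                if text_host and text_host != href_host:
                    findings.append(f"link text shows {text_host} but points to {href_host}")
                elif href_host and not _is_trusted(href_host, trusted):
                    findings.append(f"link to untrusted host: {href_host}")
    return {"findings": findings, "verdict": "suspicious" if findings else "no red flags"}


# Constructed sample: a fake job offer imitating the institution's HR department.
SAMPLE_PHISH = """\
From: "Hospital HR Department" <hr.portal@mail-notify.test>
Reply-To: careers@jobs-offer.test
Subject: Urgent: confirm your new job offer
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Please confirm your offer at
<a href="http://hospital-example.careers-login.test/confirm">https://portal.hospital.example</a></p>
--b1
Content-Type: application/octet-stream; name="offer_letter.docm"
Content-Disposition: attachment; filename="offer_letter.docm"

(binary payload omitted)
--b1--
"""

# Constructed sample: an ordinary internal circular.
SAMPLE_LEGIT = """\
From: "Hospital HR" <hr@hospital.example>
Subject: Circular: duty roster update
Content-Type: text/html; charset="utf-8"

<p>See the updated roster on the <a href="https://portal.hospital.example/roster">staff portal</a>.</p>
"""
```

Calling assess_email(SAMPLE_PHISH) returns five findings and the verdict “suspicious”, while assess_email(SAMPLE_LEGIT) returns no findings. A check of this kind is a training aid or a first-pass filter, not a substitute for mail-gateway controls: it does not consult SPF, DKIM or DMARC results, and a lookalike domain mistakenly added to the trusted list passes silently.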
8.4. Cybersecurity Awareness and Training
The participants consistently reported that cybersecurity awareness among staff was variable and, in many cases, insufficient. Many acknowledged difficulties in identifying phishing attempts and showed limited understanding of how certain behaviours could compromise security. These insights underscore the importance of structured cybersecurity education, a point heavily emphasised in earlier studies focused on risk mitigation in healthcare organisations [
67].
Low awareness and inconsistent training indicate gaps in individual motivation and organisational support. Protection Motivation Theory (PMT) suggests that if employees do not perceive a high level of severity regarding potential risks or do not receive effective institutional support, they are unlikely to engage in protective behaviours. Structured training can enhance both self-efficacy and response efficacy, thereby increasing the likelihood of safer decisions.
A significant point raised by several participants was the difference in cybersecurity awareness between urban and rural healthcare institutions. Participants from central urban areas, where the Ministry of Health is located, reported better access to structured training, IT support, and up-to-date cybersecurity protocols. In contrast, those from rural regions mentioned limited access to training resources and slower communication from central authorities. This indicates that regional disparities may stem from differences in funding allocation, IT infrastructure, and institutional oversight. Further investigation into these structural inequalities is necessary to ensure more equitable cybersecurity preparedness across the healthcare system.
8.5. Communication Language
This study also highlights the dual-language nature of communication within the Saudi healthcare system. Arabic is predominantly used in administrative or general communication, ensuring accessibility and understanding across a broad staff base. The participants said that this enhances inclusivity and reduces communication barriers, especially among Arabic-speaking employees. This supports previous findings showing that using the local language in internal communications strengthens team cohesion in culturally homogeneous environments [68].
At the same time, English is often used in technical or clinical correspondence, particularly when communicating with non-Arabic-speaking colleagues. The participants acknowledged that while this dual-language approach can pose challenges, aligning with global healthcare standards is necessary. Previous research affirms this practice, noting that English is commonly adopted in multilingual healthcare settings where technical accuracy is crucial [69].
The participants noted that when they receive emails in a language that they do not fully understand, they often translate the content to ensure accurate comprehension. Arabic-speaking staff translate English emails into Arabic, while English-speaking staff either translate Arabic emails into English or seek assistance from colleagues to clarify the content. This informal translation practice helps ensure that the intended message is understood and acted upon correctly, a trend also observed in studies of multilingual workplace communication [70].
Nudge Theory offers valuable insights here. Simple interface enhancements, like bilingual banners, colour-coded cues, or automated translations, can minimise miscommunication without necessitating major system redesigns. These subtle nudges can steer staff toward more secure and precise communication practices.
8.6. Timing of Communication
Most participants noted that email communication usually occurs during working hours; however, they also mentioned receiving emails outside those hours, particularly in urgent situations. While this was seen as sometimes necessary, it also raised concerns about work–life balance and employee well-being. The literature supports these concerns, highlighting the psychological toll of constant connectivity and recommending maintaining clear boundaries between work and personal time [71,72].
The participants' concern about receiving emails after hours points to behavioural fatigue and potential burnout. Protection Motivation Theory (PMT) suggests that constant exposure to perceived threats can lead to disengagement when individuals feel overwhelmed. To help maintain staff focus and alertness, limiting email activity to work hours could serve as a protective measure.
8.7. Practical Recommendations for Policy and Training
The participants proposed several actionable improvements to strengthen cybersecurity practices. These included mandatory training, interactive workshops, internal security assessments, and a centralised electronic platform for sharing cybersecurity resources. These suggestions align with best practices outlined in the literature, which recommend structured, organisation-wide approaches to cybersecurity awareness and response [73]. Many also emphasised the value of a dedicated cybersecurity task force responsible for implementing policies, conducting audits, and ensuring adaptability to evolving threats.
Many of the proposed interventions align well with Nudge Theory. These include visual alerts, pre-send confirmations for sensitive content, and pop-up warnings for external links. Such nudges can promote cautious behaviour without limiting user autonomy. Additionally, assigning accountability to a cybersecurity unit can improve response effectiveness and foster greater institutional trust.
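As an added illustration (not code from the study or from any institution it describes), the following Python script shows how the red flags the participants named in Section 8.3 (unknown sender domains, unsolicited attachments) and the nudges proposed here (pop-up warnings for external links, pre-send confirmations for sensitive content) can be turned into concrete checks that a mail client or gateway could surface as banners or confirmation prompts. The trusted domains, risky attachment types, sensitive-content keywords and the two sample messages are constructed assumptions for the example.

```python
"""
Added example: a minimal email "nudge" checker that maps the discussion's
red flags to warnings. TRUSTED_DOMAINS, RISKY_EXTENSIONS, SENSITIVE_PATTERNS
and the sample messages are constructed assumptions, not from the paper.
"""
import re
from email import message_from_string
from email.message import Message
from urllib.parse import urlparse

# Assumed: domains the organisation controls; anything else is "external".
TRUSTED_DOMAINS = {"hospital.example", "moh.example"}
# Assumed: attachment types that warrant a warning when they arrive unsolicited.
RISKY_EXTENSIONS = {".exe", ".js", ".vbs", ".scr", ".zip", ".docm", ".xlsm", ".htm", ".html"}
# Assumed: phrases suggesting patient data that should trigger a pre-send confirmation.
SENSITIVE_PATTERNS = [
    re.compile(r"\bMRN\b", re.I),
    re.compile(r"\bmedical record\b", re.I),
    re.compile(r"\bpatient (?:id|name|file)\b", re.I),
    re.compile(r"\bdiagnosis\b", re.I),
]
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")  # group 1 = domain


def sender_domain(msg: Message) -> str:
    m = ADDR_RE.search(msg.get("From", ""))
    return m.group(1).lower() if m else ""


def is_external(domain: str) -> bool:
    """True unless the domain is a trusted domain or one of its subdomains."""
    return domain not in TRUSTED_DOMAINS and not any(
        domain.endswith("." + d) for d in TRUSTED_DOMAINS)


def body_text(msg: Message) -> str:
    """Concatenate the text/plain parts that are not attachments."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and part.get_filename() is None:
            payload = part.get_payload(decode=True)
            if payload:
                parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)


def attachments(msg: Message) -> list[str]:
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


def incoming_nudges(raw: str) -> list[str]:
    """Banner warnings for a received message (unknown domain, attachment, external link)."""
    msg = message_from_string(raw)
    warnings = []
    domain = sender_domain(msg)
    if not domain:
        warnings.append("missing or unparsable sender address")
    external = is_external(domain)
    if domain and external:
        warnings.append(f"external sender domain: {domain}")
    for name in attachments(msg):
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if external and ext in RISKY_EXTENSIONS:
            warnings.append(f"unsolicited risky attachment from external sender: {name}")
    for url in URL_RE.findall(body_text(msg)):
        host = (urlparse(url).hostname or "").lower()
        if is_external(host):
            warnings.append(f"external link: {host}")
    return warnings


def presend_nudges(raw: str) -> list[str]:
    """Confirmation prompts to show before an outgoing message is sent."""
    msg = message_from_string(raw)
    warnings = []
    if any(p.search(body_text(msg)) for p in SENSITIVE_PATTERNS):
        warnings.append("confirm: message appears to contain patient data")
    recipients = ADDR_RE.findall(msg.get("To", "") + "," + msg.get("Cc", ""))
    ext = sorted({d.lower() for d in recipients if is_external(d.lower())})
    if ext:
        warnings.append("confirm: external recipients " + ", ".join(ext))
    return warnings


# Constructed sample: a "job offer" lure with a macro-enabled attachment and a link.
INCOMING_SAMPLE = """From: HR Recruitment <jobs@hr-offers.example.net>
To: nurse@hospital.example
Subject: Job offer
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please review your offer at http://hr-offers.example.net/login and open the attached form.
--b1
Content-Type: application/octet-stream; name="offer.docm"
Content-Disposition: attachment; filename="offer.docm"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

# Constructed sample: an outgoing clinical message with patient data and an external recipient.
OUTGOING_SAMPLE = """From: dr.ahmed@hospital.example
To: colleague@hospital.example, lab@external-lab.example.org
Subject: Results
Content-Type: text/plain; charset="utf-8"

Attached are the results for patient file 4471 (MRN 00012) with diagnosis details.
"""

if __name__ == "__main__":
    for w in incoming_nudges(INCOMING_SAMPLE):
        print("banner:", w)
    for w in presend_nudges(OUTGOING_SAMPLE):
        print("prompt:", w)
```

The checks are deliberately simple string and header heuristics, which is what makes them suitable as nudges: they warn and ask for confirmation rather than block, leaving the decision with the user as the discussion recommends.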
These findings enhance the practical understanding of cybersecurity training and may also inform behavioural theories related to digital communication in healthcare settings, especially in culturally specific and multilingual healthcare systems such as those found in Saudi Arabia.
9. Main Contributions
This study makes several important contributions to the field of cybersecurity in healthcare. First, it is one of the few qualitative investigations specifically examining the role of email communication in shaping cybersecurity awareness within the Saudi healthcare context. Second, through semi-structured interviews with 40 healthcare professionals from various regions, the study provides a grounded and diverse perspective on current practices and vulnerabilities. Third, the use of descriptive phenomenology and Colaizzi’s method enabled the extraction of rich, real-world insights related to phishing exposure, informal communication practices, and institutional challenges. Finally, the findings highlight a range of human, cultural, and organisational weaknesses that are often overlooked in technically focused studies, thereby laying a strong foundation for future interventions, such as tailored awareness programs and phishing simulations.
10. Challenges and Limitations
This qualitative study provides valuable insights into email communication and cybersecurity practices. However, several limitations should be taken into account. The findings may not be fully generalisable to all healthcare institutions in Saudi Arabia, as practices and experiences can differ across organisations and regions. Some participants, particularly those in higher positions, were more reserved in their responses, likely due to concerns about confidentiality or sensitivity within the organisation.
Additionally, since the data relied on self-reported experiences, there is a risk of bias or inaccuracies related to memory. Practical challenges included difficulties in scheduling interviews, given the busy schedules of the participants.
Despite these limitations, the credibility of the study was enhanced through the careful application of Colaizzi’s seven-step analysis, participant validation, and the use of triangulation to confirm the findings across multiple data sources.
11. Conclusions
This exploratory study examined email communication practices and the associated cybersecurity challenges within the Saudi Arabian healthcare sector. Using a qualitative approach, the research involved semi-structured interviews with healthcare staff and managers to uncover current practices, vulnerabilities, and levels of cybersecurity awareness.
The findings reveal significant deficiencies in cybersecurity knowledge, training, and awareness among the participants. They highlight the inconsistent application of email security protocols, a lack of structured and mandatory training programmes, and an unpreparedness to handle cybersecurity threats. Furthermore, substantial disparities were observed in cybersecurity practices and awareness levels.
These insights enhance our understanding of the cybersecurity risks linked to email usage in healthcare settings, especially within rapidly digitising systems such as those in Saudi Arabia. The findings contribute to practical improvements and may also help develop new theories related to digital behaviour, communication culture, and organisational preparedness in cybersecurity contexts.
This study serves as a comprehensive contribution that offers detailed qualitative insights into healthcare cybersecurity. It captures real-world perspectives from professionals and highlights specific challenges that quantitative methods alone would not reveal.
While this study is based in Saudi Arabia, its findings could also be applicable to other healthcare systems undergoing digital transformation, especially in regions with similar organisational and cultural characteristics.
12. Future Work
This study provides valuable qualitative insights into email communication and cybersecurity practices within the Saudi healthcare sector. However, future research should consider adopting a quantitative or mixed-methods approach that involves larger and more diverse samples. Follow-up studies could incorporate phishing simulation tests to assess real-world behavioural responses among healthcare employees. Additionally, future research may investigate the effectiveness of structured training programs and institutional policies in enhancing cybersecurity awareness and resilience. Comparative studies across different sectors or countries could also offer broader perspectives on organisational cybersecurity preparedness.