Development and Validation of a Healthcare Workers Phishing Risk Exposure (HWPRE) Taxonomy for Mobile Email
Dr. Vikram Kumar1, Yash Sevak2
1Assistant Professor, Department of Computer Science and Engineering, Parul Institute of Technology, Parul University, Gujarat, India
2Students of Computer Science and Engineering, Parul Institute of Engineering and Technology, Parul University, Gujarat, India
Abstract—Email on mobile devices has become a dominant communication channel for healthcare professionals, yet its constrained interface and context of use amplify vulnerability to social engineering attacks, especially phishing. This paper reports the development and empirical validation of the Healthcare Workers Phishing Risk Exposure (HWPRE) taxonomy, a 2×2 framework that positions individuals by (i) general email phishing susceptibility and (ii) ability to detect mobile-specific phishing cues. We followed a sequential three-phase design: (1) a Delphi study with cybersecurity subject matter experts to validate mobile-relevant phishing indicators and components of a susceptibility index; (2) a pilot to refine instruments and procedures; and (3) a large-scale study ( =300 healthcare workers) using scenario-based assessments on smartphone-generated email stimuli. We present the construction of the Healthcare Workers Email Phishing Susceptibility Index (HWEPSI), reliability/validity evidence, and statistical analyses relating HWPRE placement to role, experience, medical departments, prior training, and demographic indicators. The results show significant heterogeneity across departments and experience bands; in addition, the ability to recognize mobile cues does not track uniformly with general susceptibility. We discuss implications for targeted Security Education, Training, and Awareness (SETA) programs and measurement-driven program evaluation. We conclude with practical guidance for integrating HWPRE into organizational phishing defense and directions for future research.
Keywords—Phishing, social engineering, healthcare cybersecurity, mobile device cybersecurity, human factors in cybersecurity, SETA in healthcare