Cognitive Hacking and Social Engineering in Healthcare: Exploiting Human Behaviour

Authors

  • Raheemat Adefabi Teesside University
  • Oludolamu Onimole Teesside University
  • Abuh Ibrahim Sani University of Bradford
  • Olabisi Olajide University of Bradford
  • Valentine Okpalanozie TMF IT
  • Taiwo Oseni University of Huddersfield
  • Chimeziri Iwuoha Young Cyber Talents
  • Fatimah Eniafe
  • Xavier Palmer Old Dominion University
  • Lucas Potter BiosView

DOI:

https://doi.org/10.34190/eccws.24.1.3337

Keywords:

Cognitive, Hacking, Social engineering, Healthcare, Exploiting, Human Behaviour

Abstract

Hacking medical facilities proves to be a profitable venture. An entire individual record, containing name, insurance number, address, and social services identifier, can fetch hundreds of dollars on the dark web. Researchers have demonstrated how data breaches affect health information technology investment and its impact on the broader economy. Due to the vast number of individuals accessing personal data and inadequate security measures, healthcare facilities are vulnerable targets for cyberattacks. However, the claim that healthcare facilities are vulnerable targets for cyberattacks is not completely accurate. When it comes to cyber security, this sector has significantly advanced compared to others. Yet despite significant funds being allocated to antivirus software, enhanced network security, and improved cyber security measures, breaches continue to occur. Human error is only partially responsible for this. Cognitive hacking uses false information, psychological influence, and misinformation to shape opinions and decisions, which can result in harmful health effects and distrust in verification. Social engineering uses strategies like phishing, pretexting, and impersonation to manipulate people and obtain unauthorised entry to systems, medical records, or critical infrastructure. Cognitive hacking and social engineering take advantage of healthcare professionals' characteristics like trust, empathy, and obedience to authority, in addition to demanding work conditions, to circumvent standard cybersecurity protections. This study explores the tactics and outcomes of these people-focused attacks in healthcare, emphasising the mental influences that leave the industry vulnerable. It also investigates actual steps to take, such as educating employees, using multi-factor authentication, preparing for incidents, and implementing controlled access rules, which are crucial for strengthening healthcare facilities against these intricate risks.
Healthcare organisations can enhance protection of patient data, uphold operational stability, and foster trusted patient-provider relationships by recognising and dealing with the human factor. The study will also analyse how different implementation techniques influence incident reduction rates, behavioural changes, and security awareness. By adopting this approach, this body of work will provide practical solutions that enhance the resilience of healthcare infrastructure while safeguarding patients’ personal information.

Author Biographies

Raheemat Adefabi, Teesside University

A skilled engineer and cybersecurity specialist with a strong foundation in Electronic Electrical Engineering and advanced expertise in Cybersecurity. With a master's degree in Cybersecurity, Raheemat specializes in network security, risk management, data protection, IoT, blockchain, and AI. Raheemat is dedicated to bridging the gap between hardware engineering and cybersecurity.

Oludolamu Onimole, Teesside University

Oludolamu Ademola Onimole is a cyber operations analyst and researcher specializing in cloud security, threat detection, identity and access management, vulnerability management, and cybersecurity resilience. Oludolamu has a strong background in incident response, cloud security and business email compromise (BEC) prevention.

Abuh Ibrahim Sani, University of Bradford

Abuh Ibrahim Sani is a cybersecurity researcher and analyst. Abuh holds a Master's degree in Cybersecurity and ICT from the University of Bradford and Bayero University Kano. Abuh's research interests include blockchain, IoT, smart contracts, AI, machine learning and network security. Abuh has authored and co-authored 5 scientific research papers.

Olabisi Olajide, University of Bradford

Ahmed Olabisi Olajide is the co-founder of Eybrids, a skilled cybersecurity analyst and researcher specialising in security operations, vulnerability assessments, cloud security, and incident response. He has authored over 25 technical and peer-reviewed articles covering IoT security, AI in cybersecurity, deep learning, and blockchain-based solutions, shaping industry knowledge and best practices.

Valentine Okpalanozie, TMF IT

Valentine Okpalanozie is a cybersecurity analyst and researcher specialising in threat detection, incident response, vulnerability management, and cloud security. He focuses on identifying and mitigating cyber threats while enhancing security resilience across digital platforms and contributing to cybersecurity research.

Taiwo Oseni, University of Huddersfield

Taiwo Oseni is a dynamic and highly skilled cybersecurity professional with extensive experience in security operations, incident response, risk advisory, data loss prevention, and third-party security assessments. He excels at bridging the gap between technical and non-technical teams, leading diverse initiatives, and aligning cybersecurity strategies with business goals.

Chimeziri Iwuoha, Young Cyber Talents

Chimeziri Hyelhara Iwuoha is a certified eJPT penetration tester, researcher, and BSc-qualified psychologist, advocating for digital skills like cloud computing, cybersecurity, and AI in secondary schools, creating practical lessons for young minds.

Fatimah Eniafe

Fatimah Eniafe is a senior GRC consultant specialising in building formidable security posture for organisations in alignment with security standards. She also possesses expertise in security operations and threat intelligence.

Xavier Palmer, Old Dominion University

Xavier comes from multiple disciplines, explored largely at Old Dominion University, and is a part of the virtual lab, BiosView. He leans into positive and creative projects that foster curiosity and conversation around technologies that interface with biology.

Lucas Potter, BiosView

Lucas has been an engineer with BiosView, specifically focusing on BioCyberSecurity, for the past five years. Previous efforts have resulted in 14 academic journal articles and 22 conference articles.

Published

2025-06-25