Human Resource Competencies in Healthcare Cybersecurity: Risk Management and Legal Compliance Implications
-
Ionuț RIZA Faculty of Law, Economics and Administrative Sciences, Craiova, Spiru Haret University, Romania
The aim of the research was to contribute to the expansion of knowledge on human resources competencies, in order to prevent the emergence and propagation of risks at the organizational and cyber levels. The practical analysis used quantitative-comparative analysis within public and private medical units in Romania, presenting in detail the human resources competencies necessary for risk management. The results indicate that mandatory human resources competencies exert a significant influence on cybersecurity readiness through general and specific competencies, such as IT&C skills, security ethics, and economic competencies. Furthermore, the study highlights critical legal implications regarding GDPR compliance and data privacy liability. The originality of the study is supported by the conclusions resulting from the analysis of the capacity of human resources to integrate theoretical knowledge with practical competencies in the process of cyber risk perception and management. From the perspective of future research directions, the need to identify appropriate methods for assessing the competencies acquired by human resources, applied specifically in the context of cyber risks, is emerging.
© The Author(s) 2025. Published by RITHA Publishing. This article is distributed under the terms of the license CC-BY 4.0., which permits any further distribution in any medium, provided the original work is properly cited maintaining attribution to the author(s) and the title of the work, journal citation and URL DOI.
Article’s history: Received 25th of November, 2025; Revised 7th of December, 2025; Accepted for publication 27th of December, 2025; Available online: 30th of December, 2025 Published as article in Volume I, Issue 2(2), 2025.
Riza, I., & Bogdan, A.M. (2025). Human Resource Competencies in Healthcare Cybersecurity: Risk Management and Legal Compliance Implications. Applied Journal of Economics, Law and Governance, Volume I, Issue 2(2), 205-216. https://doi.org/10.57017/ajelg.v1.i2(2).06
Conflict of Interest Statement: The authors declare that the research was conducted in the absence of any commercial or financial relationships that could be construed as a potential conflict of interest.
Acknowledgment: This research was funded by Spiru Haret University, Central Research Institute through Internal Research Grant Program “Challenges in a Technology & Data-Driven Society” (Grant No.: ID 840/13.04.2023), period: 1st May, 2023–30th December, 2025.
Data Availability Statement : Data available on request: The data that support the findings of this study are available from the corresponding author upon reasonable request.
Alenzi, M.A.S., & Rusho, M.A. (2024). A Field Study on the Impact of the Level of Knowledge of Human Resources Employees About the Principles and Applications of Cybersecurity on Human Resources Laws, Between the Theoretical Aspect and the Practical Application Reality. International Journal of Intelligent Systems and Applications in Engineering, 12(21s), 3214–3220. Retrieved from https://ijisae.org/index.php/IJISAE/article/view/6011
Chodyka, M., Ciekanowski, Z., Kuznetsov, V., Zurawski, S., Chrzaszcz, A., & Drapikowska, B. (2025). The Role of Human Resource Management in Building an Organisational Security System, Including Cybersecurity, in the Era of Globalisation. European Research Studies Journal, Volume XXVIII, Issue 4, 1458-1470. https://doi.org/10.35808/ersj/4192
Dawson, J. (2018). The future cybersecurity workforce: Going beyond technical competencies. Frontiers in Psychology, 9, 744. https://doi.org/10.3389/fpsyg.2018.00744
Drozdowski, G., Rogozińska-Mitrut, J., & Stasiak, J. (2021). The empirical analysis of the core competencies of the company’s resource management risk: Preliminary study. Risks, 9(6), 107. https://doi.org/10.3390/risks9060107
Regulation (EU) 2016/679 on the protection of personal data (GDPR). https://eur-lex.europa.eu/eli/reg/2016/679/oj/eng
Almada, M. (2025). Training curriculum on AI and data protection Law & Compliance in AI Security & Data Protection. https://www.edpb.europa.eu/system/files/2025-06/spe-training-on-ai-and-data-protection-legal_en.pdf
Giansanti, D. (2021). Cybersecurity and the Digital-Health: The Challenge of This Millennium. Healthcare, 9(1), 62. https://doi.org/10.3390/healthcare9010062
Kioskli, K., Seralidou, E., & Polemi, N. (2025). A practical human-centric risk management approach integrating HRM tools for cybersecurity. Electronics, 14, 486. https://doi.org/10.3390/electronics14030486
Kioskli, K., Fotis, T., Nifakos, S., & Mouratidis, H. (2023). The Importance of Conceptualising the Human-Centric Approach in Maintaining and Promoting Cybersecurity-Hygiene in Healthcare 4.0. Applied Sciences, 13(6), 3410. https://doi.org/10.3390/app13063410
Nurse, J.R.C., Milward, J., Alashe, O. (2025). From Security Awareness and Training to Human Risk Management in Cybersecurity. In: Moallem, A. (eds) HCI for Cybersecurity, Privacy and Trust. HCII 2025. Lecture Notes in Computer Science, Volume 15814. Springer, Cham. https://doi.org/10.1007/978-3-031-92833-8_6
Sayvaya, I., & Siagian, M. V. (2024). Cybersecurity awareness as a component of HR policies: Protecting employee and organizational data in the digital era. Ambidextrous Journal, 2(2), 187. https://doi.org/10.61536/ambidextrous.v2i02.187
Szczepaniuk, E. K., & Szczepaniuk, H. (2022). Analysis of cybersecurity competencies: Recommendations for telecommunications policy. Telecommunications Policy, Volume 46, Issue 3, 102282. https://doi.org/10.1016/j.telpol.2021.102282
Zhang, X., Wang, P., & Peng, L. (2024). Developing a Competency Model for Human Resource Directors (HRDs) in Exponential Organizations Undergoing Digital Transformation. Sustainability, 16(23), 10540. https://doi.org/10.3390/su162310540