BENEFITS AND RISKS OF SHADOW IT IN HEALTH CARE: A NARRATIVE REVIEW OF THE LITERATURE

Abstract

Currently, health care institutions are confronted with practices related to Shadow IT (SIT) that allow employees to improve their efficiency through tools that complement corporate-provided IT resources. Although SIT practices can be beneficial, they also create additional vulnerabilities and access points for cyberthreats in institutions where patient data are regarded as sensitive. Therefore, this research addresses the following question:
What are the benefits and risks of SIT-related practices in health care? Based on a narrative review of the literature, including 220 articles, this research highlights several specificities of the health care context and their impact on research related to IT adoption and information
security behaviors. In terms of managerial contributions, we formulate several proposals to better manage SIT-related risks, such as staff awareness and zero trust solutions. We also contribute to the academic literature by highlighting the interest of questioning specific
drivers of reverse IT adoption, the phenomenon of pseudo-compliance and the impact of neutralization techniques. We also make several proposals for future research, such as studying the impact of emergency situations on the behavior of health care personnel.