Background : The use of information systems today has become a necessity in organizations, including in the health sector due to the large amount of patient data that must be managed. 95% of Bandung City citizens are entitled to health facility services in all health facilities that have been partnered with BPJS Kesehatan, one of which is the Puskesmas. In its service, the Puskesmas manages patient health data using computer-based SIM Puskesmas, thus personal health information is vulnerable to information security threats both from internal and external. Therefore, Puskesmas need to build information security to reduce the level of security violations and maintain the health information of their patients.

Objective : The purpose of this study was to determine the factors that significantly influence the Culture of Information Security in Bandung Public Health Center.

Methods : The research method used is a quantitative method with PLS-SEM data analysis technique using WarpPLS 6.0 software. The technique used is Model Evaluation consisting of Measurement Models, Structural Models and Hypothesis Testing. This research data uses primary data taken through questionnaires to 154 employees who were sampled

Results : Based on the characteristics of the respondents it can be seen that the majority of health center employees are women, the highest age is 19-29 years, the most positions are Administration / Medical Records, Education of employees is S1, lenght of work of Employees is 1-5 years. In the information management process, the Puskesmas has used Computer Based. The Puskesmas has an Information Security Policy. Based on the Evaluation Model, it can be seen that the model is fit, because it meets the Rule of Thumb criteria.

Conclusion : Based on the results of the Model Evaluation and Hypothesis Testing, it can be seen that the variables that influence the Information Security Culture in Bandung City Health Center are Management, Change Management, Knowledge, Soft Issue-Workplace Independent and Attitude.

Keywords :  Information Security Culture, Healthcare, PLS-SEM.

Ashford, W. (2018) Most healthcare organisations have been breached, report shows, ComputerWeekly.com. Available at: https://www.computerweekly.com/news/252436215/Most-healthcare-organisations-have-been-breached-report-shows. Box, D. and Pottas, D. (2013) ‘Improving Information Security Behaviour in the Healthcare Context’, Procedia Technology. Elsevier B.V., 9, pp. 1093–1103. doi: 10.1016/j.protcy.2013.12.122. BPJS Kesehatan (2018) Data Fasilitas Kesehatan BPJS Kesehatan, https://faskes.bpjs-kesehatan.go.id. Available at: https://faskes.bpjs-kesehatan.go.id/aplicares/#/app/peta. Center for Internet Security (2018) Data Breaches: In the Healthcare Sectors, www.cisecurity.org. Available at: www.cisecurity.org/data-breaches-in-the-healthcare-sector/. CNN Indonesia and Kertopati, L. (2017) Dua Rumah Sakit di Jakarta Kena Serangan Ransomware WannaCry, www.cnnindonesia.com. Available at: https://www.cnnindonesia.com/teknologi/20170513191519-192-214642/dua-rumah-sakit-di-jakarta-kena-serangan-ransomware-wannacry (Accessed: 3 November 2018). Da Veiga, A. and Martins, N. (2017) ‘Defining and identifying dominant information security cultures and subcultures’, Computers and Security, 70, pp. 72–94. doi: 10.1016/j.cose.2017.05.002. Da Veiga, A. and Martins, N. (2015) ‘Improving the information security culture through monitoring and implementation actions illustrated through a case study’, Computers and Security, 49(December 2017), pp. 162–176. doi: 10.1016/j.cose.2014.12.006. Ghozali, I. and Latan, H. (2014) Partial Least Square Konsep, Metode dan Aplikasi Menggunkan Program Aplikasi WarpPLS 5.0. Semarang: Universitas Diponegoro. Hair, J. F., Christian, M. and Sarstedt, M. (2011) ‘PLS-SEM : Indeed a Silver Bullet’, Journal of Marketing Theory and Practice, 19(2), pp. 139–152. Hassan, N. H. and Ismail, Z. (2016) ‘Information security culture in healthcare informatics: A preliminary investigation’, Journal of Theoretical and Applied Information Technology, 88(2), pp. 202–209. doi: doi:10.1817/jatit.2016.04. HIPAA Journal (a) (2018) Report: Healthcare Data Breaches in Q1, 2018, www.hipaajournal.com. Available at: https://www.hipaajournal.com/report-healthcare-data-breaches-in-q1-2018/. HIPAA Journal (b) (2018) Analysis of Q4 2017 Healthcare Security Breaches, www.hipaajournal.com. Available at: https://www.hipaajournal.com/analysis-q4-2017-healthcare-security-breaches/. HIPAA Journal (c) (2018) Healthcare Data Breach Statistics, www.hipaajournal.com. Available at: https://www.hipaajournal.com/healthcare-data-breach-statistics/. Kock, N. (2018) WarpPLS User Manual Version 6.0. KompasTV (2018) 6 Komputer Puskesmas di Cirebon Hilang, Pelayanan Terganggu, www.kompas.com. Available at: https://www.kompas.tv/article/34067/6-komputer-puskesmas-di-cirebon-hilang-pelayanan-terganggu (Accessed: 2 November 2018). Kruger, H. A., Drevin, L. and Steyn, T. (2010) ‘A vocabulary test to assess information security awareness’, Information Management & Computer Security, 18(5), pp. 316–327. doi: 10.1108/09685221011095236. Kruger, H. A. and Kearney, W. D. (2006) ‘A Prototype for Assesing Information Security Awareness’, Elsevier Journal : Computers & Security, pp. 289–296. doi: 10.1016/j.cose.2006.02.008. Kusnendi (2008) Model-Model Persamaan Struktural. Bandung: ALFABETA. Menteri Kesehatan RI (2013) ‘Peraturan Menteri Kesehatan RI No. 71 Tahun 2013 Tentang Pelayanan Kesehatan pada Jaminan Kesehatan Nasional’. Menteri Kesehatan RI (2014) Peraturan Menteri Kesehatan RI No. 75 Tahun 2014 Tentang Puskemas. Peltier, T. R. (2014) Information Security Fundamentals. 2nd edn. Auerbach Publications. Shick, S. (2018) Security Breaches in Healthcare: 70 Percent Of Organizations Hit Globally, Report Shows, https://securityintelligence.com. Available at: https://securityintelligence.com/news/security-breaches-inhealthcare-70-percent-of-organization-hit-globally-report-shows. Sugiyono (2018) Metode Penelitian Kuantitatif. Bandung: ALFABETA. Verizon (2018) Protected Health Information Data Breach Report. Available at: http://www.verizonenterprise.com/resources/protected_health_information_data_breach_report_en_xg.pdf.