Information security culture is mainly considered as a set of information security characteristics that the organization values. In this paper, an attempt has been made to assess the information security culture of Hawassa Referral Hospital located in the south central part of Ethiopia. The study aimed at identifying determinant factors or issues impacting the implementation of an effective culture of information security in the hospital with an intention of improving the existing information security practice in the hospital. To that end, an information security culture assessment model and instrument were adopted from previous studies. The instrument (customized for the current study) incorporates statements that assess the knowledge, attitude, belief and actions of health care providers, and medical students in relation to information security culture. The case study indicated that there is a serious problem of information security culture at different levels in the hospital. Accordingly, identifying the current practices regarding information security in the hospital has a practical contribution in that it has direct implications on setting priorities in relation to information security in the hospital and strengthening different efforts on the issue throughout the health sector in the country. Recommendations are also provided as to how the hospital should approach the different factors and issues in order to put in place better and more secure information environments in the hospital.