MediaPro recently published a report indicating that the healthcare industry is poorly prepared to deal with cyberattack scenarios and security threats. For the 2017 State of Privacy and Security Awareness Report, MediaPro surveyed 1,009 US healthcare industry employees on their security awareness. The survey participants were asked about common privacy and security threats and had to answer how they would respond to different threat scenarios.
MediaPro categorized the survey participants into three groups based on their responses: heroes, novices and risks. Heroes scored highly (93.5% – 100%) and had an excellent understanding of privacy and security threats. Novices scored between 77.4% and 90.3% and had a reasonable understanding of threats. Risks scored 74.2% or less and had poor security awareness. They could pose a significant risk to the privacy of a company’s data.
About 78% of healthcare employees were categorized as risks or novices. In other industries, only 70% of individuals fell into these two categories. This shows that the healthcare industry lags behind other industries in awareness of security and privacy threats.
According to the survey, physicians also had a poor understanding of privacy and security threats. 50% of physicians were categorized as risks. 24% of physicians had a poor understanding of phishing emails. Another area that healthcare employees need to improve on is identifying signs of malware infection. 24% had a poor understanding of malware infection.
MediaPro noted that healthcare employees had poor scores in eight areas including identifying personal information, incident reporting, physical security, identifying malware infections, identifying phishing attempts, cloud computing, working remotely and proper use of social media.
The 2017 Data Breach Investigations Report from Verizon revealed that 80% of healthcare data breaches last year were due to human error. Healthcare employees need better security awareness training because cybercriminals are doubling their efforts to access protected health information. If the security awareness of healthcare employees does not improve, there will surely be more data breaches in the industry, no matter how good an organization’s security defenses are.