MediaPro Report Reveals Poor Security Awareness of Healthcare Employees


MediaPro published a recent report indicating the lack of preparedness of the healthcare industry to deal with cyberattack scenarios and security threats. In the 2017 State of Privacy and Security Awareness Report, MediaPro surveyed the security awareness of 1,009 US healthcare industry employees. The survey participants were asked about common privacy and security threats and had to answer how they would respond to different threat scenarios.

MediaPro categorized the survey participants based on their responses into three – heroes, novices and risks. Heroes scored highly (93.5% – 100%) and had excellent understanding of privacy and security threats. Novices scored between 77.4% and 90.3% and had reasonable understanding of threats. Risks scored 74.2% or less and had poor security awareness. They could pose a significant risk to a company’s privacy of data.

About 78% of healthcare employees were categorized as risks or novices. In other industries, only 70% of individuals fell under the two categories. This information shows that the healthcare industry lags behind other industries in terms of security awareness and privacy threats.

Based on the survey, physicians also had poor understanding of privacy and security threats. 50% of physicians were categorized as risks. 24% of physicians had poor understanding of phishing emails.  Another area that healthcare employees need to improve on is identifying signs of malware infection. 24% had poor understanding of malware infection.

MediaPro noted that healthcare employees had poor scores in eight areas including identifying personal information, incident reporting, physical security, identifying malware infections, identifying phishing attempts, cloud computing, working remotely and proper use of social media.

The 2017 Data Breach Investigations Report from Verizon revealed that 80% of healthcare data breaches last year were due to human error. Healthcare employees need to have better security awareness HIPAA training because cybercriminals are doubling their efforts to access protected health information. If the security awareness of healthcare employees do not improve, there will surely be more data breaches in the industry no matter how good the organization’s security defenses is.


Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: