A recent MediaPro report revealed there is still a lack of readiness to deal with common cyberattacks, and that privacy and security dangers are still not fully understood by healthcare staff.
For its 2017 State of Privacy and Security Awareness Report, MediaPro surveyed 1,009 US healthcare sector staff to assess their level of security awareness. Respondents were asked about common privacy and security threats and were asked to answer questions on many different threat scenarios to determine how they would respond to real-world dangers.
After reviewing the answers, MediaPro assigned each respondent to one of three groups. Heroes were those who scored highly and showed a thorough understanding of privacy and security threats by answering 93.5%-100% of questions correctly. Novices showed a reasonable understanding of dangers, answering between 77.4% and 90.3% of questions correctly. The lowest group, ‘Risks’, was assigned to those with poor security awareness, who scored 74.2% or lower on the tests. Those people were deemed to pose a significant risk to their organization and the privacy of sensitive information.
Overall, 78% of healthcare workers were classified as risks or novices. Across all industry groups, 70% of respondents were rated in these two categories, showing the healthcare sector still lags behind other industries on security awareness and privacy and security best practices.
The survey showed physicians’ understanding of privacy and security threats was particularly low. Half of the physicians who took part in the study were classified as risks, meaning their actions were a serious security threat to their organization. Awareness of the common identifiers of phishing emails was particularly low, with 24% of physicians displaying a lack of understanding of phishing, compared with 8% of office workers and non-provider counterparts.
One of the main areas where security awareness was lacking was the identification of the common indicators of a malware infection. 24% of healthcare workers had difficulty identifying the signs of a malware infection, compared with 12% of the general population.
Healthcare workers registered lower scores than the general population in eight areas assessed by MediaPro: incident reporting, identifying personal files, physical security, identifying phishing attempts, identifying the signs of malware infections, working remotely, cloud computing systems, and acceptable use of social media platforms.
MediaPro cites the 2017 Data Breach Investigations Report from Verizon, which showed human mistakes accounted for more than 80% of healthcare data breaches in 2017, emphasizing the need for improved security awareness training for healthcare workers. Further, cybercriminals have been stepping up their efforts to gain access to healthcare IT networks and sensitive patient data.
MediaPro stated: “The results of our survey show that more work needs to be done. HIPAA courses often do not include information on how to stay cyber-secure in an increasingly interconnected world. Keeping within HIPAA regulations, while vital, does not educate users on how to spot a phishing attack, for example.”
If security awareness among healthcare workers is not improved, the healthcare sector is likely to continue experiencing data breaches, irrespective of the maturity of its security defenses.