MediaPro Reports Lows Scores on Healthcare Sector Security Awareness

by | Feb 22, 2018

A recent MediaPro report released there is still an absence of readiness to deal with common cyberattacks and privacy and security dangers are still not fully comprehended by healthcare staff.

In MediaPro’s 2017 State of Privacy and Security Awareness Report, the firm questioned 1,009 US healthcare sector staff to assess their level of security awareness. Respondents were asked about about common privacy and security threats and were asked to give answers on many different threat scenarios to determine how they would respond to real world dangers.

Reviewing the answers, MediaPro designated respondents to one of three groups. Heroes were those who scored highly and showed a thorough understanding of privacy and security threats by answering 93.5%-100% of questions correctly. Novices showed a reasonable understanding of dangers, answering between 77.4% and 90.3% of answers correctly. The lowest groups of ‘Risks’ was assigned to those with poor security awareness, who registered 74.2% or lower on the tests. Those people were deemed to pose a significant risk to their group and the privacy of sensitive information.

Overall, 78% of healthcare workers were classified as risks or novices. The percentage of respondents rated in these two categories across all industry groups was 70%, showing the healthcare sector still lags behind other industry areas on security awareness and privacy and security best practices.

The survey showed physicians’ understanding of privacy and security threats was particularly low. Half of physicians who took part in the study were classified as dangers, meaning their actions were a serious security threat to their group. Awareness of the common identifiers of phishing emails was particularly low, with 24% of physicians displaying a lack of understanding of phishing, as opposed to 8% of office workers and non-provider counterparts.

One of the main sectors where security awareness was lacking was the identification of the common indicators of a malware infection. 24% of healthcare workers had difficulty identifying the signs of a malware infection as opposed to 12% of the general population.

Healthcare workers registered lower scores than the general population in eight areas assessed by MediaPro: Incident reporting, identifying personal files, physical security, identifying phishing efforts, identifying the signs of malware infections, working remotely, cloud computing systems and acceptable operations of social media platforms.

MediaPro refer to the statistic that the 2017 Data Breach Investigations Report from Verizon displayed human mistakes made up more than 80% of healthcare data breaches in 2017, emphasizing the need for improved security awareness training for healthcare workers. Further, cybercriminals have been enhancing their efforts to gain access to healthcare IT networks and sensitive patient data.

MediaPro stated: “The results of our survey show that more work needs to be done. HIPAA courses often do not include information on how to stay cyber-secure in an increasingly interconnected world. Keeping within HIPAA regulations, while vital, does not educate users on how to spot a phishing attack, for example.”

If the knowledge regarding security awareness among healthcare workers is not improved, the healthcare sector is likely to continue experiencing data breaches, irrespective of the level of maturity of their security defense systems.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy