Feb 28, 2018
Many hackers are well-aware of the data-hungry nature of the healthcare system and subsequently, the value of that data. Recent findings suggests the average cost of a stolen healthcare record at $380, which is more than twice the global average of $141. While the healthcare sector has attempted to address security concerns, a recent report from MediaPro shows that nearly eight in 10 healthcare employees are not adequately prepared to defend against the most common security and privacy threats they regularly face.
To discuss the issues and what healthcare bodies can do to better protect themselves, Digital Journal spoke with Colleen Huber, Director of Cyber Education Strategy with MediaPro.
Clinics and hospitals are prime targets for cybercrime because they're filled with personal health information and personally identifiable information, both of which have tremendous value on the black market. Too often we hear about healthcare organizations dealing with data breaches, ransomware attacks, phishing scams and more.
Some of these organizations have invested in protecting the data in their servers but do the bare minimum when it comes to appropriately educating their employee population about proper security and privacy behaviors related to personal health information and personally identifiable information.
Education and reinforcement are two good places to start [when it comes to protecting the organization's data], but a larger initiative should be building a culture of security and privacy protection in your organization - that often starts at the top. The healthcare field is constantly learning new and improved ways of providing care; that mindset must be extended to ensuring the cybersecurity hygiene of healthcare employees also improves.
Awareness is the key [to staying up to date]. We work with a number of healthcare organizations that rely on our content libraries to react to emerging threats.
According to Colleen Huber's research:
- 78 percent of surveyed employees are ill-prepared to handle common privacy and security awareness scenarios they were presented with. When comparing healthcare and non-healthcare employee responses, the number of healthcare respondents who had trouble identifying common signs of malware were close to double the number of their non-healthcare counterparts.
- Out of all healthcare employees, physicians are the least prepared for cybersecurity threats, with 24 percent lacking awareness toward phishing emails, compared to 8 percent of non-providers. Ultimately, the data in our report shows how much work still needs to be done to ensure healthcare institutions are protected from cybersecurity threats.
Updating protocols and procedures, improving employee training and developing a culture of awareness are the best ways to fight cybersecurity threats, in the healthcare industry and beyond.
Source: Digital Journal (View full article)