50% of physicians put organizations at risk of security incident

At least half of physicians are scored in the “risk” category, meaning their actions put their organization at risk for a serious privacy or security incident, according to the 2017 State of Privacy and Security Awareness Report.

As cybersecurity incidents continue to increase in severity and frequency, understanding how healthcare employees handle technology is crucial to reversing the trend. The report, which drew on survey responses from 1,009 healthcare employees, aimed to gauge their privacy and security awareness.

Findings in the report include:

  • 78 percent of healthcare employees showed some lack of preparedness in handling common privacy and security threat scenarios.
  • 24 percent of physicians showed a lack of awareness of phishing emails, compared to 8 percent of non-provider workers.
  • Healthcare workers showed less knowledge about security and privacy best practices than the general population.
  • Half of physicians scored in the risk category, meaning their actions put their organizations at risk of a security incident.
  • 24 percent of healthcare employees had trouble identifying common malware signs.
  • 23 percent of respondents failed to report a variety of potential security or privacy incidents.
  • 21 percent failed to recognize some forms of personally identifiable information.
  • 24 percent chose risky options when asked about mobile computing or working remotely.

“The results of our survey show that more work needs to be done in this regard. HIPAA courses often do not include information on how to stay cyber-secure in an increasingly interconnected world. Keeping within HIPAA regulations, while vital, does not educate users on how to spot a phishing attack, for example,” concluded the report. “Additionally, mere compliance does not equate to a fully security-aware culture. In our experience, organizations of all types are best served when their whole employee population knows the importance of sound security principles. Such a state comes from multifaceted and integrated awareness programs, not just training. This is the path to a risk-aware culture within healthcare organizations of all sizes.”