78 Percent of Healthcare Workers Lack Data Privacy, Security Preparedness

Recent research indicates better data privacy and security employee training programs will help healthcare organizations as they work to keep pace against cyberthreats, reports HealthIT Security. MediaPro's 2017 State of Privacy and Security Awareness Report found 70 percent of employees in numerous industries lack awareness to stop preventable cyberattacks, while 78 percent of healthcare employees exhibited a lack of readiness with common privacy and security threat scenarios. About 25 percent of physicians and other types of direct healthcare providers were unaware of phishing email, as were 8 percent of non-provider employees. In addition, 24 percent of healthcare employees had difficulty identifying common signs of malware. "Beyond training geared toward HIPAA compliance, healthcare employees need a comprehensive approach to awareness education that includes security and privacy awareness," say the MediaPro researchers. "Keeping within HIPAA regulations, while vital, does not educate users on how to spot a phishing attack, for example. Additionally, mere compliance does not equate to a fully security-aware culture." Healthcare employees also were found to be more unaware than the general population in terms of physical security, with 33 percent of healthcare workers taking unnecessary risks in scenarios related to permitting others access to their office buildings. "Organizations of all types are best served when their whole employee population knows the importance of sound security principles," the researchers note. "Such a state comes from multifaceted and integrated awareness programs, not just training."