Through the eyes of a cyber criminal, a medical practice or a hospital is a gold mine with an abundance of patient information stored insecurely—just waiting to be hacked, confiscated, and either sold on the black market or held for ransom. Either way, cyber criminals can make a fortune from successfully hacking a healthcare organization—and because they are all too aware of this, the healthcare industry has become their primary target.
A recent State of Privacy and Security Awareness Report surveyed over 1,000 medical professionals to better understand the cyber security awareness of healthcare sector employees. The key findings show just how poorly prepared the healthcare industry is to protect itself against cyber criminals, and how much it could benefit from your MSP services.
Cyber Security Industry Insights: Healthcare
Below are eight of the key takeaways the report noted. If you’re an MSP servicing the healthcare vertical, these statistics make great ammo for your future sales conversations.
1. Healthcare workers showed significantly less knowledge about cyber security best practices than the general population represented in a larger-scale 2017 State of Privacy and Security Awareness report.
2. 24 percent of physicians and other types of direct healthcare providers showed a lack of awareness toward phishing emails, compared to 8 percent of their non-medical field counterparts.
3. 50 percent of physicians scored in the “risk” category, which means their actions make their organizations susceptible to a serious security incident.
4. 24 percent of physicians could not identify the common signs of malware, compared to 12 percent of the respondents in the general population survey.
5. 30 percent of healthcare respondents took unnecessary risks in scenarios related to allowing others access to their office buildings. This puts the physical safety of patient files at risk.
6. Only 18 percent of healthcare employees were able to identify phishing emails. They were presented with an email from a suspicious sender with an attachment in the email. 88 percent of healthcare respondents opened the attachment. Doctors were three times worse at identifying phishing emails than their non-physician counterparts.
7. 23 percent of respondents failed to identify common signs of a malware-infected computer. For example, they were unable to realize that their internet browser was repeatedly sending them to the same site, regardless of the URL they entered—a very strong sign of malware.
8. 18 percent of respondents chose risky actions when presented with scenarios involving storing or sharing patient data. Many respondents thought it was acceptable to share patient data over personal emails or through insecure cloud-based platforms.
It is very clear that the healthcare industry is not properly armed to defend itself against cyber threats. In turn, cyber criminals are eager to take advantage of this. With half of the physicians surveyed in the “risk” category, this can mean serious trouble for a healthcare organization, including loss of patient trust, severe financial and reputational damage, and legal trouble with the HIPAA authorities.
In conclusion, healthcare sector employees have the ability to be the first layer of defense against cyber threats, and they therefore need a comprehensive approach to security awareness training that includes both security and privacy awareness. With the proper education, healthcare employees will be better equipped to protect their medical practices, and most importantly their patients, from significant and severe consequences.