50% of physicians put organizations at risk of security incident
Cara Livernois | February 09, 2018 | Health Exec | Cybersecurity

At least half of physicians are scored in the “risk” category, meaning their actions put their organization at risk for a serious privacy or security incident, according to the 2017 State of Privacy and Security Awareness Report.

As cybersecurity incidents continue to increase in severity and occurrence, identifying how healthcare employees handle technology is crucial in reducing the trend. The report, which included survey responses from 1,009 healthcare employees, aimed to gauge the privacy and security awareness of healthcare employees.

Findings in the report include:

  • 78 percent of healthcare employees showed some lack of preparedness in handling common privacy and security threat scenarios.
  • 24 percent of physicians showed a lack of awareness on phishing emails, compared to 8 percent of non-provider workers.
  • Healthcare workers showed less knowledge about security and privacy best practices than the general population.
  • Half of physicians scored in the risk category, meaning their actions put their organizations at risk of a security incident.
  • 24 percent of healthcare employees had trouble identifying common malware signs.
  • 23 percent of respondents failed to report a variety of potential security or privacy incidents.
  • 21 percent failed to recognize some forms of personally identifiable information.
  • 24 percent chose risky options when asked about mobile computing or working remotely.

“The results of our survey show that more work needs to be done in this regard. HIPAA courses often do not include information on how to stay cyber-secure in an increasingly interconnected world. Keeping within HIPAA regulations, while vital, does not educate users on how to spot a phishing attack, for example,” concluded the report. “Additionally, mere compliance does not equate to a fully security-aware culture. In our experience, organizations of all types are best served when their whole employee population knows the importance of sound security principles. Such a state comes from multifaceted and integrated awareness programs, not just training. This is the path to a risk-aware culture within healthcare organizations of all sizes.”

""
Cara Livernois, News Writer

Cara joined TriMed Media in 2016 and is currently a Senior Writer for Clinical Innovation & Technology. Originating from Detroit, Michigan, she holds a Bachelors in Health Communications from Grand Valley State University.

Related Content

Six hospital groups urge UnitedHealth to take responsibility for Change Healthcare hack notifications
Ascension experiences disruption of operations after 'cybersecurity event'
AMA says Change Healthcare breach is crippling independent practices
Breached Change Healthcare server lacked multifactor authentication, UnitedHealth CEO admits
Kaiser Permanente exposed data on 13.4 million members to tech companies
Hackers were inside Change Healthcare’s systems 9 days before attack

Design by Adaptive Theme
Trimed Popup
Trimed Popup