Just a quarter (28%) of US healthcare professionals have the security and privacy skills needed to help prevent data leaks, according to new data from MediaPro.
The security awareness firm polled 850 employees in the sector across the United States and rated 18% as a “risk”, meaning their lack of awareness could put their organization in danger of suffering a serious incident.
A further 54% were rated “novice”, which meant they underwhelmed in five key areas: access controls; phishing prevention; malware warning signs; cloud computing; and acceptable use of social media.
Only 28% were given “hero” status, which is concerning given that employee behavior can mean the difference between a contained incident and one that ends in a hefty fine and damaged reputation.
Some 69% of healthcare organizations told MediaPro they feel more at risk than those in other sectors because of negligent or careless employees.
Although nearly two-thirds (61%) have adopted best practice frameworks like the NIST Cybersecurity Framework, there’s a danger that organizations in the sector are simply following a tick-box approach to HIPAA compliance without thinking about the bigger picture, the firm said.
Breaches in the industry increased 63% from 2015 to 2016, according to some estimates.
A Ponemon Institute study from 2016 claimed that healthcare breaches now cost the US $6.2bn each year.
It found that 89% of healthcare organizations had experienced data breaches over the previous two years, while 79% experienced multiple data breaches.
Part of the reason could be the growing appetite for Electronic Health Records (EHRs), which can be used to commit follow-on fraud such as buying prescription drugs, applying for medical insurance and creating new birth certificates, according to Trend Micro.
Its latest report on the industry claimed Canada (53%) and the US (36%) are the two countries with the highest number of exposed healthcare organizations in the world.