For most people, consistent visits to a physician’s office or even the hospital are an essential part of maintaining health and wellbeing. As our world becomes more connected via IoT devices created to simplify our everyday lives, the same is true of the largest industries in the world, including healthcare.
One important way healthcare professionals have streamlined their profession is through the use of electronic health records (EHR) which store private patient medical records. In fact, according to the Centers for Disease Control and Prevention, nearly 86% of office-based medical physicians use electronic health records to file and store important patient health information. As healthcare providers continue to implement technology for a more integrated patient experience, the safety of patient information remains a growing concern, especially when also factoring in the risks of cyber-attacks by cybercriminals.
As of January 1, 2019, there have been over 200 hacking/IT-related healthcare organization incidents affecting 500 or more individuals in the U.S. alone, according to the U.S. Department of Health and Human Services, and the number of incidents continues to grow every day. Not only is this a concern for the safety of private patient information, it is also a concern for the industry, as breached healthcare providers will spend on average up to $408 per patient to recover their personal healthcare records and up to $1.75 million in advertising to help reverse reputational damage.
Regulation, Training, Awareness
These statistics are cause for concern and raise the question of the importance and awareness of cybersecurity in the healthcare industry. With this in mind, Kaspersky surveyed 1,758 employees in a variety of roles working at healthcare organizations in North America to get a better sense of the state of cybersecurity in their industry.
The survey offered several valuable insights, so many in fact that the findings were too vast to fit in one report. The first report focused on ransomware attacks in healthcare, how patient information is being protected, why it is important to consider cybersecurity in the workplace, and cybersecurity confidence in the workplace. Kaspersky is now issuing a second report, which offers additional insights specific to healthcare industry perceptions of cybersecurity regulations, policy awareness and training.
Here are the report’s key findings:
- Nearly a third of all respondents (32%) said that they had never received cybersecurity training from their workplace but should have.
- Nearly 1 in 5 respondents (19%) said there needed to be more cybersecurity training by their organization.
- Almost a third of healthcare IT respondents (32%) said that they are aware of their organization’s cybersecurity policy and have read it only once.
- 2 in 5 healthcare workers surveyed in North America (40%) are not aware of cybersecurity measures in place at their organization to protect IT devices.
- Nearly half of respondents (49%) said they didn’t know if Canadian patient healthcare information needed to stay in Canada.
What healthcare providers can do to protect PHI
- Hire a skilled IT security team that understands your organization’s unique security risks as well as the proper security tools required to keep your IT environment safe and secure.
- Implement ongoing cybersecurity training for employees of all levels, tailoring the training to each role and to the most common threats employees might be challenged with. IT security leaders should also be aware of the variety of training options that they can offer employees, from bringing in a consultant to webinar services, one-day trainings, etc.
- Establish a clear, company-wide cybersecurity policy and proactively communicate the policy to employees on a regular basis to increase awareness in order to minimize future threats.
To download the full report, visit Cyber Pulse: The State of Cybersecurity in Healthcare – Part Two.
Follow along on social media with the hashtag #KasperskyCyberPulse.