Since January, about 200 breaches, each involving over 500 records, have been reported, and it seems that 2019 will be another record year for healthcare data breaches.
Because of the increase in data breaches, Kaspersky Lab conducted a survey to better understand the state of cybersecurity in the healthcare industry. Kaspersky Lab recently published part two of its report, which surveyed 1,758 healthcare professionals in the U.S. and Canada.
The study gives useful insight into why so many cyberattacks succeed. About 32% of surveyed healthcare personnel said they had never received any cybersecurity training at work.
It is important for employees to receive security awareness training. Without it, employees would be unaware of the cyber threats they will encounter each day. Employees need to be trained to recognize phishing emails and to respond appropriately when a threat is identified. Not providing employee training violates HIPAA.
Even when employee training is provided, it is often not enough. 11% of respondents said they received cybersecurity training at the beginning of their employment but have not received any additional training since. 38% of respondents said they receive cybersecurity training every year, and 19% said they had received cybersecurity training but did not feel it was enough.
32% of survey respondents said they have a copy of their company’s cybersecurity policy but have only read it once. 1 in 10 managers was unaware of their company’s cybersecurity policy. 40% of U.S. healthcare employees were not aware of the cybersecurity measures applied to IT devices at their company.
HIPAA training also appears to be inadequate. Kaspersky Lab found considerable gaps in employees’ understanding of regulatory requirements. For example, 18% of respondents did not know about the Security Rule, and only 29% correctly identified what the HIPAA Security Rule is.
Here are the recommendations of the Kaspersky Lab researchers:
- Appoint a skilled IT team that understands the distinct challenges faced by healthcare organizations and the tools required to protect health data.
- Address the gaps between data security and regulatory knowledge. IT security leaders must make sure that every employee receives regular cybersecurity training and fully understands HIPAA requirements.
- Perform regular checks of security protections and compliance. Organizations that check their cyber pulse regularly can identify and address vulnerabilities before attackers can exploit them and cause a costly data breach.