Healthcare Industry Employees Still Lack Understanding of the Best Security Practices

Wombat Security recently published its Beyond the Phish Report, which revealed a lack of understanding of common security threats among healthcare employees. The report compiles data from Wombat customers and their end users, who answered about 85 million questions across 12 categories and 16 industries. Because the sample is drawn from the vendor's own customer base (organizations already running an awareness program), the figures describe those organizations rather than the industry as a whole.

Respondents were asked about the security practices that help prevent ransomware attacks, phishing attacks and malware installations. The report also assessed their knowledge of protecting confidential information, securing mobile devices, defending against email and web-based scams, identifying physical risks, working safely in remote locations, using strong passwords, disposing of sensitive information securely, and using social media and the web safely.

Overall, the healthcare industry had the second worst security awareness performance of the 16 industries; hospitality was third worst. The results highlight several areas of weakness that cybercriminals could exploit to gain access to sensitive data and healthcare networks. Although the HIPAA Security Rule requires covered entities to provide security awareness training to their workforce, healthcare respondents still gave a high percentage of incorrect answers when asked about identifying phishing emails, disposing of sensitive information properly and protecting mobile devices that hold sensitive information.

Healthcare employees answered incorrectly at the following rates in the respective areas:

  • Secure disposal of PHI – 28% incorrect answers
  • Protection of mobile devices with sensitive information – 27% incorrect answers
  • Protection of confidential information – 26% incorrect answers
  • Identification of common security issues and safe internet usage – 21% incorrect answers

Across all categories, healthcare respondents answered 23% of questions incorrectly, the same rate as manufacturing and professional services; the average across all industries was 19%. Healthcare respondents performed best in two areas: using safe and strong passwords (12% incorrect) and identifying and preventing ransomware attacks (10% incorrect).

It is hoped that information security professionals will use the report's data to evaluate where their own organizations are weakest and to build training programs that target those gaps, equipping employees with sound security practices and lowering overall cybersecurity risk.