According to the latest data in the 2019 HIMSS Cybersecurity Survey, the healthcare industry is keenly aware that it is a target and is taking steps to reduce the risk of a successful attack.
With healthcare being the number one target of successful data breaches, the way this industry responds can serve as a case study in how other verticals should be addressing the threat of cyberattack.
According to the HIMSS data, attacks on healthcare are well-defined:
- 74% of healthcare organizations have experienced one or more “significant” security events in the last 12 months
- 56% of incidents involved external bad actors
- 59% of attacks originated with email
Because of the inevitability of attack, and the known attack vectors, healthcare organizations are doing more to prepare:
- 96% conduct some degree of security risk assessments
- 72% adopted new or improved security measures
- 69% drafted, revised, and/or tested policies and procedures
- 82% of organizations perform some degree of phishing testing
The one aspect missing from their security strategy, as far as we can see, is Security Awareness Training. According to the report, the importance of employees being “knowledgeable about policies & procedures” ranked 3.54 on a scale of 1 to 5 (with 5 being the highest). But nowhere in the report is there any mention of educating users to be aware of cyberattacks, their tactics, the use of social engineering, and how to identify suspicious email and web content before becoming a victim.
By adding this training to an already layered security strategy, healthcare organizations can make users themselves another security asset, helping to thwart attacks that rely on tricking users into becoming victims.