According to the latest data in the 2019 HIMSS Cybersecurity Survey, the healthcare industry is keenly aware that it is a target and is taking steps to reduce the risk of a successful attack.
With the healthcare industry being the number one target of successful data breaches, the way this industry responds can serve as a case study of how other verticals should be working to address the threat of cyberattack.
According to the HIMSS data, attacks on healthcare are well-defined:
Because of the inevitability of attack, and the known attack vectors, healthcare organizations are doing more to prepare:
The only aspect of their security strategy we can see that’s missing is the need for Security Awareness Training. According to the report, the importance of employees being “knowledgeable about policies & procedures” ranked 3.54 on a scale of 1 to 5 (with 5 being the highest). But nowhere in the report is there any mention of educating users to be aware of cyberattacks, their tactics, the use of social engineering, and how to identify suspicious email and web content before becoming a victim.
By adding this training to the already layered security strategy, healthcare organizations can include users themselves as another security asset, helping to thwart attacks focused on tricking users into becoming victims.