Healthcare pros surprisingly get very little security awareness training. Only 38 percent of these employees get security training at least twice a year -- 49 percent get training once a year, 7 percent only when they are first hired, and 6 percent receive no security awareness training at all.
It looks like healthcare organizations first need to get hacked before they get the message that it could have been prevented. There seems to be an "it can't happen to me" attitude. A recent Trustwave study called "2015 Security Health Check Report" shows some worrying numbers.
Insufficient awareness training creates a large attack surface for health care organizations, and this is proven by the large number of health care breaches. In the past two years, hackers have stolen data from 81 percent of hospitals and health insurance companies, according to a report released by KPMG.
Health care records are worth so much more (10x) because the lifespan of these records is measured in years, as opposed to credit card numbers, where the lifespan is months, if that. The study shows that both technical and non-technical employees are aware of the risks to their industry in general. More than 90 percent of technical staff and 77 percent of non-technical staff thought that cybercriminals were increasingly targeting health care organizations.
Trustwave's Steve Kelley stated: "Annual vulnerability testing and annual security awareness programs really aren't enough to maintain a fully secure posture in what's becoming one of the biggest consumer data issues and privacy data issues in the world."
KnowBe4 agrees. It is loud and clear that effective security awareness training is a must. Find out how affordable that is for your organization and be pleasantly surprised.