A recent report by security vendor Kaspersky highlights how healthcare organizations are at risk of cyberattack – and how a lack of training is responsible.
Healthcare organizations are the second highest industry to experience data breaches (just under the public sector). With 74% of healthcare organizations also having experienced a significant security incident in the last 12 months, you’d think they have their act together when it comes to a layered security strategy that includes educating users.
Healthcare data is valuable to cybercriminals that want to commit fraud, identity theft, and data theft; the data in a healthcare organization has so many different forms of value, depending on the intended crime.
So, it’s absolutely critical that healthcare organizations put employees through continual Security Awareness Training to educate them on both why it’s important for the employee to participate in organizational security and how they can make a difference through being vigilant when interacting with email and the Internet.
But, according to Kaspersky’s Cyber Pulse: The State of Cybersecurity in Healthcare – Part Two report, healthcare organizations aren’t taking the need to include their users seriously:
- Only 5% of U.S. healthcare employees receive awareness training monthly. That number drops to only 2% in Canadian healthcare organizations
- More than one-third (36%) of U.S. healthcare employees are aware of cybersecurity measures in place within their organization. That number jumps to 46% in Canada.
- Only half (51%) of U.S. healthcare employees are both aware of a workplace cybersecurity policy and have read it at least once. The number drops to 40% in Canada.
Healthcare is obviously missing the mark, as users are the weakest link in an organization’s security strategy. Educating them on how to spot suspicious email and web content and to avoid becoming a victim of a cyberattack is a necessary part of any healthcare organization’s security strategy. Putting employees through continual Security Awareness Training is the answer.