Accenture Cyber Security Survey: 18% of Health Employees Would Sell Confidential Data

Those who said they were willing to sell the data would do so for as little as between $500 and $1,000.

Alexandia Wilson at HealthLeadersMedia had some disconcerting news. "Patients trust their healthcare providers to keep their data safe, but according to a new survey, that trust might sometimes be misplaced.

The Accenture survey found that nearly one in five health employees (18%) said they would be willing to sell confidential data to unauthorized parties. In fact, the respondents who said they were willing to sell the data would do so for as little as between $500 and $1,000.

Accenture surveyed 912 qualified employees of health providers (601) and payer organizations (311) from the United States and Canada. All the respondents had access to digital health data, including personally identifiable information, payment card information, and protected health data.

This stands in sharp relief to the 88% of consumers in a separate Accenture survey who said they trust their physicians or other healthcare providers to keep digital healthcare data secure.

The new survey of healthcare employees found that respondents from provider organizations were significantly more likely than those in payer organizations to say they would sell confidential data (21% vs. 12%).

This includes selling login credentials, installing tracking software, and downloading data to a portable drive, among other actions.

In addition, health employees’ willingness to sell confidential data is not just hypothetical: 24% of the respondents said they actually know of someone in their organization who has sold their credentials or access to an unauthorized outsider.

Despite the willingness to sell data, nearly all (97%) of the respondents said they understand their organization’s explanation of data security and privacy. Plus, 88% of respondents said that their organization provides security training, and most of that training is mandatory.

Yet of those who receive security training, 19% said they would be willing to sell confidential data, and 21% who said they keep their user name and password written down next to their computer.

Those numbers are actually higher for those who receive frequent training.

Of the employees who receive quarterly training, 24% said they write down their user names and passwords and 28% said they are willing to sell confidential data. According to Accenture, this suggests that it’s the quality of the training that matters, not the frequency or quantity.


Topics: Cybersecurity

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews