One-Fifth of Healthcare Organizations Do Not Enforce Cybersecurity Protocols
A recent Salesforce survey revealed some of the security gaps that exist in healthcare organizations, even those that have a security-first culture. The survey revealed that one-fifth of healthcare organizations do not strictly enforce their cybersecurity protocols and only two-fifths of healthcare workers look at their security protocols before using new tools or technology.
The Salesforce survey was conducted on April 13, 2023, on 400 healthcare workers in the United States who were asked questions about cybersecurity and policies and procedures at their organizations. 57% of surveyed workers said their job has become more digitized over the past two years, which means more data than ever now needs to be protected. There is a common myth that cybersecurity is the sole responsibility of the IT department; however, a majority of the respondents were aware that cybersecurity is a shared responsibility. 76% of healthcare respondents agreed that it is their responsibility to keep data safe, yet despite being aware of the need to protect data, many workers admitted to not always following cybersecurity best practices.
22% of respondents said their organization does not strictly enforce cybersecurity protocols, and 31% of respondents said they were unsure what they should do in the event of a breach. While more than two-thirds of workers (67%) said they have a security-first culture at work, 31% of respondents said they are not very familiar with their company’s security policies and processes and only 39% of workers check security protocols before trying new tools or technology.
There appears to be a lack of understanding about security risks associated with connected devices such as phones and laptop computers, with only 40% of surveyed workers believing they pose a security risk and 48% thinking their personal devices were as secure as their work devices. 46% of workers said they have accessed work documents on their personal devices. A large number of healthcare workers implicitly trust their work devices, with 61% of workers saying that if something could be accessed on their work device it must be safe.
These are issues that can be tackled through security awareness training, but the message does not appear to be getting through, even though 70% of respondents said they are given training on how to keep data safe. While an increasing number of organizations understand the importance of providing security awareness training to the workforce, there is room for improvement as those training courses are not proving to be as effective as they should be. Only 54% of respondents said their training was efficient and 19% said training is generic and not relevant to their job.
One-third of workers (33%) said they use the same passwords for their personal and work accounts, 25% of surveyed workers admitted to clicking a suspicious link in an email at work, only 42% of workers report all suspicious emails to their security team, 19% do not always use a VPN when conducting work online, and only 39% of workers always use multi-factor authentication.
The survey shows that while healthcare organizations are taking steps to develop a security culture, more needs to be done to get the message across that security best practices must always be followed. Improving the efficiency of training, for example by implementing a modular training course and tailoring the training for specific roles to ensure it is relevant, can help to get employees on board. The survey also suggests healthcare organizations could do a lot more when it comes to enforcing security policies.


