HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Study Reveals Healthcare Industry Employees Struggling to Understand Data Security Risks

The recently published Beyond the Phish Report from Wombat Security, now a division of Proofpoint, has revealed healthcare employees have a lack of understanding of common security threats.

For the report, Wombat Security compiled data from nearly 85 million questions and answers posed to customers’ end users across 12 categories and 16 industries.

Respondents were asked about security best practices that would help them avoid ransomware attacks, malware installations, and phishing attacks and established the level of expertise at protecting confidential information, defending against email and web-based scams, securing mobile devices, working safely in remote locations, identifying physical risks, disposing of sensitive information securely, using strong passwords, and safe use of social media and the web.

Overall, the healthcare industry performed second worst for security awareness, just ahead of the hospitality industry, with the survey highlighting several areas of weakness that could potentially be exploited by cybercriminals to gain access to healthcare networks and sensitive data.

Respondents from the healthcare sector performed poorly in several areas, registering a relatively high percentage of incorrect answers related to identifying phishing emails, securely disposing of sensitive information, and protecting mobile devices and sensitive information stored on those devices.

Even though HIPAA requires healthcare employees to dispose of PHI securely, 28% of questions in this area were answered incorrectly. 27% of questions about protecting mobile devices and information were answered incorrectly, as were 26% of questions relating to the protection of confidential information, and 21% of questions on the identification of common security issues and safe use of the Internet.

Overall, respondents from the healthcare industry answered 23% of questions incorrectly, on a par with the manufacturing industry and professional services. Only hospitality industry employees performed worse. The average percentage of incorrect answers across all industry sectors was 19%.

Areas where respondents from the healthcare industry performed best were the use of safe, strong passwords and the identification and prevention of ransomware attacks, with just 12% and 10% of questions answered incorrectly.

“Our hope is that by sharing this data, infosec professionals will think more about the ways they are evaluating vulnerabilities within their organizations and recognize the opportunity they have to better equip employees to apply cybersecurity best practices and, as a result, better manage end-user risk,” said Joe Ferrara, Wombat General Manager.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.