Five Key Findings about Privacy and Security Awareness in the Healthcare Industry

April 1, 2021

This guest blog post comes from our partner MediaPro, a learning services company that specializes in the areas of information security, data privacy, compliance, and custom online courseware.

Hospitals and other healthcare organizations have proven nearly irresistible to cybercriminals in recent years.

The 2017 Verizon Enterprises Data Breach Investigations Report (DBIR) found that 72% of malware incidents impacting the healthcare industry involved ransomware. The 2017 DBIR also found that human mistakes accounted for 80% of the breaches in the healthcare industry.

We think a deeper understanding of the average healthcare employee’s knowledge of cybersecurity and data privacy best practices is warranted, given that staff must make sure patients’ protected health information (PHI) and other sensitive data is kept secure.

Privacy and Security Awareness Need to Be Improved

We used the survey that underpinned our 2017 State of Privacy and Security Awareness report to gauge the privacy and security awareness of healthcare sector employees. We surveyed 1,009 healthcare employees in the U.S. and compared these results against the broader sample of employed adults in our larger report. Overall, we found that 78% of healthcare employees showed at least some lack of preparedness to handle common privacy and security threat scenarios that were presented.

Five Key Findings about Healthcare Staff and Cybersecurity

Here are five key findings from our survey that every security leader at a hospital, clinic, or other healthcare institution needs to know:

  1. Healthcare workers showed less knowledge about security and privacy best practices than the general population represented in our larger 2017 State of Privacy and Security Awareness report.
  2. 24% of physicians and other types of direct healthcare providers showed a lack of awareness toward phishing emails, compared to 8% of their non-provider counterparts, such as office workers.
  3. Half of physicians scored in the “risk” category, meaning their actions could put their organizations at serious risk of a privacy or security incident.
  4. Almost twice the proportion of healthcare employees (24%) had trouble identifying a handful of common signs of malware, compared to the respondents in our general population survey (12%).
  5. 22% of healthcare employees overall scored in the “hero” category, meaning they showed a strong understanding of security and privacy best practices.

Find additional analysis of our healthcare employee survey, including breakdowns of physicians vs. non-provider coworkers and comparisons to our general population, via the infographic linked here.