Phishing has frightening implications for all of us—for our bank accounts, our creditworthiness, and our most private information—our healthcare data. But recent events have made it clear that phishing has some particularly severe consequences for healthcare organizations. So how do we prepare ourselves to defend against phishing attacks? More importantly, given that employees are the frontline in our defense against these kinds of attacks, how do we train employees to recognize and avoid the threats?
HealthStream interviewed Steven Conrad, Managing Director of MediaPro, to learn more about how healthcare organizations can defend against this type of cyberattack. Conrad has experience in improving organizational performance through effective learning solutions and has also worked at the strategic level with many organizations to determine how technology can be leveraged to improve human performance and protect organizations from cyberattacks.
What Makes Us Vulnerable?
When asked about employee readiness to defend against a breach, Conrad points to the results of a recent MediaPro survey that showed just 28% of healthcare employees demonstrated the privacy and security awareness necessary to prevent incidents that could lead to a breach. Of the 850 healthcare employees surveyed, the majority (72%) were rated a “security risk” or “novice” based on their survey responses, demonstrating a clear need for better training (Schwartz, 2017).
Conrad believes that the most susceptible organizations are the ones that fail to direct their focus and resources to where they are really the most vulnerable: their people. Conrad says, “The hardware and software technology is great and is very effective, but now we need to focus on the human element and ensure that we are educating employees to properly protect data and reduce risk.” In healthcare, the biggest payout comes from blocking access to data, in other words, ransomware. Conrad says, “If a bad actor can lock down their files, they’re going to pay up and they’re going to pay up fast.”
Conrad cites several reasons healthcare is particularly vulnerable to cyberattacks. For one thing, healthcare simply doesn’t have the resources to protect itself like other industries. Additionally, there is a relatively high employee turnover rate in healthcare, making training more complicated. It’s also an industry with a lot of very time-sensitive and critical data that is spread across multiple locations ranging from the inpatient setting to ancillary locations and physician offices.
Physicians and their office staff are key targets for ransomware and phishing attacks. Conrad explains, “They work in a fast-paced environment that values patient satisfaction. Because of this, they may look to respond quickly to a phishing email attempt and miss the warning signs. A hasty decision, made with good intentions, can easily lead to very severe consequences.”
This blog post excerpts an article in our complimentary eBook, Workforce Readiness: Preparing Today for Tomorrow’s Unknown.
Schwartz, J. (2017). “Infographic: 2017 Privacy and Security Awareness in Healthcare,” MediaPro, https://www.mediapro.com/blog/infographic-2017-privacy-security-awareness-healthcare/