Many Healthcare Pros Unaware of Organizations' Cybersecurity Policies, Don’t Receive Training

Aug. 26, 2019
The report is the second one from cybersecurity company Kaspersky that looked into an array of industry trends

A survey of nearly 1,800 healthcare employees reveals that many industry professionals have never received cybersecurity training from their workplace, and are largely unaware of their respective organization’s cybersecurity policy.

Global cybersecurity company Kaspersky surveyed 1,758 employees in a variety of roles working at healthcare organizations—ranging from doctors and surgeons to administrative and IT staff—in North America to get a better sense of the state of cybersecurity in their industry. From the findings, a first report was released last year that focused on ransomware attacks in healthcare, how patient information is being protected, why it is important to consider cybersecurity in the workplace and cybersecurity confidence in the work place.

A second report, which offers additional insights specific to healthcare industry perceptions on cybersecurity regulations, policy awareness and training, was recently made public.

Some of the second report’s key findings include:

  •     Nearly a third of all respondents (32 percent) said that they had never received cybersecurity training from their workplace but should have.
  •     Nearly 1 in 5 respondents (19 percent) said there needed to be more cybersecurity training by their organization.
  •     Almost a third of healthcare IT respondents (32 percent) said that they are aware of their organization’s cybersecurity policy and have read it only once.
  •     Two in five respondents (40 percent) of healthcare workers in North America are not aware of cybersecurity measures in place at their organization to protect IT devices.
  •     Nearly half of respondents (49 percent) said they didn’t know if Canadian patient healthcare information needed to stay in Canada.

As the researchers noted, “Cybersecurity policy is a carefully researched statement written by IT decision makers about the protection of a company’s crucial physical and information assets. Its purpose is to offer guidance on how employees can preserve the security of company data and technology infrastructure as well as how to properly report any suspicious activities.”

The findings further showed that one in 10 employees in management positions saying they were not aware of a cybersecurity policy in their organization, but should be if there is one. Small organizations had the highest percentage of respondents with a reported 53 percent who were not aware of cybersecurity measures their organization had in place, as opposed to 39 percent of respondents in medium and 36 percent of enterprise companies.

The researchers offered various pieces of advice for healthcare organizations, such as hiring a skilled IT security team who understands the organization’s unique security risks as well as the proper security tools required to keep an IT environment safe and secure. They also suggested to implement ongoing cybersecurity trainings for employees of all levels, specializing the trainings based on role and the most common threats employees might be challenged with, and to establish a clear, company-wide cybersecurity policy and proactively communicate the policy to employees on a regular basis.

Sponsored Recommendations

State of the Market: Transforming Healthcare; Strategies for Building a Resilient and Adaptive Workforce

The U.S. healthcare system is facing critical challenges, including workforce shortages, high turnover, and regulatory pressures. This guide highlights the vital role of technology...

How AI-Native Locating Intelligence Revolutionizes the RTLS market

Discover how leveraging an RTLS solution with artificial intelligence as the location engine can increase efficiency, improve safety, and elevate care without the compromises ...

Harnessing the True Power of Cultural, Clinical and Operational Data

Optimize healthcare performance by combining clinical, operational, and cultural insights. A deeper understanding of team factors improves care and resource management.

How Digital Co-Pilots for patients help navigate care journeys to lower costs, increase profits, and improve patient outcomes

Discover how digital care journey platforms act as 'co-pilots' for patients, improving outcomes and reducing costs, while boosting profitability and patient satisfaction in this...