A survey of nearly 1,800 healthcare employees reveals that many industry professionals have never received cybersecurity training from their workplace, and are largely unaware of their respective organization’s cybersecurity policy.
Global cybersecurity company Kaspersky surveyed 1,758 employees in a variety of roles working at healthcare organizations—ranging from doctors and surgeons to administrative and IT staff—in North America to get a better sense of the state of cybersecurity in their industry. From the findings, a first report was released last year that focused on ransomware attacks in healthcare, how patient information is being protected, why it is important to consider cybersecurity in the workplace and cybersecurity confidence in the workplace.
A second report, which offers additional insights specific to healthcare industry perceptions on cybersecurity regulations, policy awareness and training, was recently made public.
Some of the second report’s key findings include:
- Nearly a third of all respondents (32 percent) said that they had never received cybersecurity training from their workplace but should have.
- Nearly 1 in 5 respondents (19 percent) said there needed to be more cybersecurity training by their organization.
- Almost a third of healthcare IT respondents (32 percent) said that they are aware of their organization’s cybersecurity policy and have read it only once.
- Two in five healthcare workers in North America (40 percent) are not aware of cybersecurity measures in place at their organization to protect IT devices.
- Nearly half of respondents (49 percent) said they didn’t know if Canadian patient healthcare information needed to stay in Canada.
As the researchers noted, “Cybersecurity policy is a carefully researched statement written by IT decision makers about the protection of a company’s crucial physical and information assets. Its purpose is to offer guidance on how employees can preserve the security of company data and technology infrastructure as well as how to properly report any suspicious activities.”
The findings further showed that one in 10 employees in management positions said they were not aware of a cybersecurity policy in their organization, but should be if there is one. Small organizations had the highest percentage of respondents who were not aware of the cybersecurity measures their organization had in place, at a reported 53 percent, as opposed to 39 percent of respondents in medium and 36 percent in enterprise companies.
The researchers offered various pieces of advice for healthcare organizations, such as hiring a skilled IT security team that understands the organization’s unique security risks as well as the proper security tools required to keep an IT environment safe and secure. They also suggested implementing ongoing cybersecurity training for employees at all levels, tailoring the training to each role and to the most common threats employees might face, and establishing a clear, company-wide cybersecurity policy and proactively communicating that policy to employees on a regular basis.