Healthcare Employees Lack Cybersecurity Education and Awareness

August 20, 2019

Employees of healthcare organizations in the U.S. and Canada are lacking cybersecurity education and awareness in three main areas including regulation, policy and training. Of these key areas, the most alarming statistic found that nearly a third of respondents in North America (32 percent) said that they had never received cybersecurity training from their workplace, but think they should have.

The report, “Cyber Pulse: The State of Cybersecurity in Healthcare – Part 2,” from Kaspersky, uncovers several findings that directly correlate to the increasing number of hacking and IT related incidents occurring in healthcare organizations across North America.

According to the report, nearly a fifth of U.S. respondents (18 percent) reported they did not know what the HIPAA security rule meant. In Canada, nearly half of respondents (49 percent) said they didn’t know if Canadian PHI needed to stay in Canada.

In addition to gaining insights on regulations, healthcare policy proved to be an area where healthcare professionals are also lacking in awareness as well as education. Over a fifth of respondents (21 percent) in North America admitted that they were not aware of the cybersecurity policy at their workplace. When breaking down the results by region, 34 percent of respondents in the U.S. and 27 percent of respondents in Canada said they were aware of the cybersecurity policy at their workplace, but have only reviewed it once.

Since the majority of healthcare organizations store patient information electronically, it is of paramount importance that healthcare practitioners know how their IT devices are being protected. Forty percent of all North American respondents were not at all aware of cybersecurity measures in place at their organization to protect IT devices, the report says. When examining if the size of an organization had an effect, a lack of awareness of device security increased with size with small business reporting 53 percent, medium businesses 39 percent and enterprise businesses at 36 percent.

According to the report, there is a dramatic need and desire from employees for increased cybersecurity training in their organizations. Nearly 1 in 5 respondents (19 percent) said there needs to be more cybersecurity training by their organization. When comparing the results by region, more than 24 percent of respondents in the U.S. noted they had never received cybersecurity training but should have, compared to 41 percent of respondents in Canada when asked the same question.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

Join our subject matter experts as they explore how the right systems can help identify, analyze and report potential incidents and help building owners sustain compliance and create safer spaces.

Security Magazine

2020 September

This month in Security magazine, we bring you our 2020 Most Influential People in Security annual report, where we highlight 22 industry leaders, their path to security, careers, goals and guidance for future security professionals. Industry experts discuss the evolution of ransomware, houses of worship security, cybersecurity standards, security careers in investigations and the unifying power of security. Diane Ritchey, past Editor-in-Chief, says goodbye and thank you to our readers.

View More Create Account

Healthcare Employees Lack Cybersecurity Education and Awareness

Related Articles

Related Events

Report Abusive Comment