Healthcare providers are among the most frequently breached organizations, but this might be about to change. Over the past three years, organizations in the industry have allocated greater resources to cybersecurity, according to HIMSS’s Future Proofing Healthcare: Cybersecurity report. It adds that the number of healthcare providers allocating more than 10% of their overall IT budgets to cybersecurity has increased by 139%.
“CEOs and CFOs are now much more aware of the impact not investing in cybersecurity has on their organizations,” said Michael Leonard, a senior director at Commvault, which sponsored the study.
“Healthcare IT professionals are putting cybersecurity concerns in front of CEOs and CFOs to make a case for the budget that they need. There’s no way around that. They are elevating the issue high enough in the organization so they can get the resources required,” he added.
Staff awareness is a top priority
Organizations’ biggest cybersecurity concern is staff awareness, and they have been investing heavily in training courses. However, the effects of this increased spending aren’t yet obvious, with 43% of respondents saying they have fallen victim to a malware or ransomware attack in the past year.
And even though many respondents have already been the victim of an attack, 47.5% said they weren’t confident in their organization’s ability to defend against attacks in the future.
This is concerning, because it suggests that the time and effort spent training staff isn’t working. There are many possible reasons, but the most likely are that the awareness training isn’t relevant to the organization’s needs or that the training resources simply aren’t very good.
It can be relatively simple to reduce malware and ransomware attacks on your organization, so it’s frustrating that they remain so prevalent. The right combination of technological defenses, policies, and staff education can keep organizations secure.
“When you look at a particular event such as malware being delivered through email, you have to teach employees that this is what a suspicious email looks like, and you have to educate them to eliminate the behavior that would lead them to clicking on the dangerous malware,” said Mike Feld, acting chief technology officer at Temple University Health System.
“At the same time, organizations need to then ‘layer in’ the appropriate technology so they can say to employees, ‘You have to pay attention to your email, but we’re going to do our best to eliminate certain components and likely types of email that you might see,’” he added.
Get staff training right
There are a variety of ways you can help your staff better prepare for malware and ransomware attacks.
You can begin with our Phishing and Ransomware – Human patch e-learning course. Malware and ransomware are often delivered via phishing emails, and this ten-minute course teaches your employees the basics of how to avoid falling victim to such attacks.
For more comprehensive advice on preventing phishing attacks, you should take a look at our Phishing Staff Awareness Course. This course helps employees identify and understand phishing scams, explains what happens when they fall victim, and shows them how they can mitigate the threat of an attack.
If you pair this course with our Simulated Phishing Attack, you can see how much information your employees retained. We’ll send a phishing attack to your company (obviously without the malicious payload) and give you an independent assessment of your employees’ susceptibility to an attack. It also benchmarks your security awareness campaigns and helps you:
- Satisfy compliance and regulatory requirements
- Adapt future testing to areas and employees of greatest risk
- Reduce the number of employee clicks on malicious emails
You might also be interested in our phishing infographic. This guide outlines the various forms that phishing attacks can take, explains the damage they can cause, and provides an annotated example of a scam email, showing you what to look out for.