MediaPro’s 2017 State of Privacy and Security Awareness Report has revealed that 24% of physicians lack awareness of phishing emails. The survey questioned more than 1,000 US healthcare employees to understand their knowledge of cybersecurity, and then compared this with the larger survey of the general population to see how they ranked.
- Healthcare workers demonstrated less knowledge about privacy and security best practices than those in the general report.
- Half of physicians fell into the ‘risk’ category, which means that their actions could cause security incidents and jeopardize their organizations.
- 24% of healthcare employees struggled to identify common signs of malware. In the larger survey, this was just 12%.
- 21% of healthcare respondents failed to recognize some forms of personally identifiable in
- Doctors were three times worse at identifying phishing emails than their non-physician colleagues and showed riskier behavior.
- On a more positive note, 22% of healthcare employees were categorized as ‘heroes’ because they showed a strong understanding of security best practices.
Many of these findings are worrying, particularly because the healthcare industry regularly experiences data breaches. Healthcare organizations are often considered favorable targets by cyber criminals because of the volume of personal data stored.
With phishing attacks increasing in sophistication and in volume, particularly in the healthcare sector, and with awareness falling short, it is important to teach staff what to look out for. The most important line of defense against a phishing attack is the person who receives the email. If your staff can identify and correctly respond to a malicious email, the danger can be mitigated.
This survey reiterates the need for increased cybersecurity awareness for all healthcare employees, including physicians. The 2017 Identity Theft Resource Center Data Breach Report noted that there were more than five million records breached within the medical/healthcare sector in 2017.
With data breaches and security incidents becoming more of an everyday occurrence, it’s more important than ever to ensure that all employees are aware of internal security policies and procedures, as well as information security best practices. Investing in staff education is important, but it must give staff the confidence needed to deal with threats appropriately. Don’t let your staff be your downfall.
Improve cybersecurity awareness
Rolling out a comprehensive staff awareness program will give employees a clear understanding of their compliance requirements, your organization’s security policies and procedures, and information security best practices, which helps reduce preventable mistakes. Even basic training has the potential to prevent security incidents.
To increase employee awareness cost-effectively and with minimal disruption, e-learning courses are often a preferred method. E-learning course topics include phishing, information security, and the GDPR.