Since the start of January, around 200 breaches impacting over 500 records have been reported, and it looks like 2019 will break records in terms of healthcare data breaches.
Due to the high number of data breaches, Kaspersky Lab carried out a survey to learn more about the state of cybersecurity in the healthcare industry. Kaspersky Lab recently released the second part of its report, which surveyed 1,758 healthcare specialists in America and Canada.
The study provides valuable information about why so many cyberattacks succeed. Around 32% of the healthcare employees said they did not receive any cybersecurity training at their workplace.
It is essential for employees to undergo security awareness training. Without it, employees will be unaware of the cyber threats they run into every day. Employees should be trained to recognize phishing emails and to respond correctly when they encounter a threat. Failing to provide employee training is a HIPAA violation.
Even when training is made available, it is usually not adequate. 11% of respondents said they were trained in cybersecurity when they started their job but have had no further training since. 38% of participants said their company provides cybersecurity training annually, and 19% said they were provided cybersecurity training, though it seemed inadequate.
32% of survey participants said they have a copy of their company’s cybersecurity policy but have read it only once. 1 in 10 managers does not know about their company’s security policy. 40% of U.S. healthcare workers do not know about the cybersecurity procedures their company enforces on IT devices.
HIPAA training appears to be inadequate as well. Kaspersky Lab saw substantial gaps in employees’ knowledge of regulatory requirements. For instance, 18% of respondents did not know the Security Rule, and only 29% of respondents correctly identified what the HIPAA Security Rule is.
Here are the Kaspersky Lab researchers’ recommendations:
Select a skilled IT workforce that understands the unique issues faced by healthcare companies and the resources needed to secure health data.
Deal with gaps between data safety and regulatory data. Leaders in IT security should provide employees with regular cybersecurity training and should be fully aware of HIPAA requirements.
Conduct routine inspections of security defenses and compliance. Organizations that monitor their cyber pulse on a regular basis can identify and deal with vulnerabilities well before hackers exploit them and a data breach occurs.