At least 200 breaches of more than 500 records have been reported since January, and 2019 looks set to be another record-breaking 12 months for healthcare data breaches.
The ongoing rise in data breaches led Kaspersky Lab to conduct a survey to learn more about the state of cybersecurity in healthcare. Kaspersky Lab has now released the second part of its report from the survey of 1,758 healthcare workers in the United States and Canada.
The study gives valuable insights into why so many cyberattacks are succeeding. Almost a third of surveyed healthcare workers (32%) said they have never been given cybersecurity training at work.
Security awareness training for employees is crucial. Without training, employees are likely to be unaware of some of the cyber threats that they will encounter on a daily basis. Employees must be shown how to identify phishing emails and advised of the correct response when a threat is discovered. The failure to conduct training is a breach of HIPAA.
Even when training is given, it is often not adequate. 11% of respondents said they were given cybersecurity training when they began work but had not received any training since. 38% of workers said they were given cybersecurity training every year, and a fifth (19%) of healthcare employees said they had been given cybersecurity training but did not feel they had been trained adequately.
32% of respondents said they had been given a copy of their organization’s cybersecurity policy but had only reviewed it once, and 1 in 10 managers did not know whether their company had a cybersecurity policy. 40% of healthcare staff in the United States were unaware of the cybersecurity measures protecting IT devices at their organization.
Training on HIPAA also appears to be lacking. Kaspersky Lab found significant gaps in employees’ knowledge of regulatory requirements. For example, 18% of respondents did not know what the Security Rule meant and only 29% of respondents were able to define the correct meaning of the HIPAA Security Rule.
Kaspersky Lab experts recommend hiring a skilled IT team that understands the unique dangers faced by healthcare organizations and has knowledge of the tools that are required to keep protected health information safe and secure.
It is also vital to close data security and regulatory knowledge gaps. IT security leaders must make sure that all members of the workforce receive regular cybersecurity training and are fully aware of their obligations under HIPAA.
It is also important to carry out regular assessments of security defenses and compliance. Companies that constantly review their cyber pulse can identify and address flaws before they are exploited by hackers and cause an expensive data breach.