Almost a third of healthcare workers haven't had cybersecurity training
Because of the volumes and types of data that it holds the healthcare industry is a prime target for cybercriminals.
So it's a little concerning that a new survey of healthcare staff from Kaspersky shows 32 percent of respondents in North America say that they have never received cybersecurity training from their workplace.
The report also shows a lack of awareness of the federal regulations, in both the US and Canada, in place to keep patient information safe and secure. According to the report, nearly a fifth of US respondents (18 percent) report they don't not know what the HIPAA security rule means. In Canada, nearly half of respondents (49 percent) say they don't know if Canadian PHI needed to stay in Canada.
There's a lack of awareness of security measures too, with 40 percent of all North American respondents not at all aware of cybersecurity measures in place at their organization to protect IT devices. When examining if the size of an organization had an effect the study shows that a lack of awareness of device security increases with size with small business reporting 53 percent, medium businesses 39 percent and enterprise businesses at 36 percent.
Nearly one in five respondents (19 percent) say there needs to be more cybersecurity training by their organization. When comparing the results by region, over 24 percent of respondents in the US say they have never received cybersecurity training but should have, compared to 41 percent of respondents in Canada when asked the same question.
"In addition to regulation and policy awareness, training remains an essential part in keeping healthcare organizations safe from potential breaches," says Rob Cataldo, vice president of US enterprise sales at Kaspersky. "Ongoing training must be implemented for employees so they have a better understanding of what to look for and the actions to take should they find something suspicious. Cybersecurity awareness training is key to promoting an employee culture of vigilance where employees take pride and do their part to protect their patients and overall organization."
You can read more on the Kaspersky blog.