By Tomáš Foltýn
Almost one in five (18%) employees in the
healthcare industry in the United States and Canada said that they would be
willing to give access to confidential medical data about patients to an
unauthorized outsider for financial gain, a survey for Accenture has revealed.
They would expect no more than $500 to $1,000 for
their login credentials or for deliberately installing tracking software or
downloading the data to a portable drive.
The remaining 82% said that no amount of money
would make them sell the records, according to the survey, called Losing the
Cyber Culture War in Healthcare: Accenture 2018 Healthcare Workforce Survey on
Cybersecurity.
The problem was particularly acute among provider
organizations, as opposed to payer organizations (21% vs. 12%). Also, and
perhaps counterintuitively, staff with more frequent cybersecurity training
were more inclined to engage in such practices.
In addition, this way of compromising patient data is not a purely hypothetical phenomenon. Roughly
one in four (24%) respondents said that they were actually aware of a co-worker who had made a profit by providing a third party
with access to such information.
Accenture noted that such conduct contributes to
the fact that healthcare organizations in seven countries spent an estimated
$12.5 million each, on average, dealing with the impacts of cybercrime in 2017. The
figure comes from the firm’s report called 2017 Cost of Cyber Crime Study.
Meanwhile, there was an almost universal (99%)
sense of responsibility among the respondents for data security. Nearly all
(97%) also claimed that they understand the data security and privacy standards
of their organization. And yet there is some disconnect, as one in five (21%)
of the healthcare workforce admitted to writing down their login credentials near
their computers.
A total of 912 employees of provider and payer
organizations in the US and Canada were polled for the survey, which was
conducted online in November. All of the respondents have access to electronic
health data such as personally identifiable information (PII), payment card
information (PCI), and protected health information (PHI).
In another study by Accenture in 2017, 88% of patients in the US said
that they trust their physicians or other healthcare providers to ensure
security for their electronic medical data. A quarter said that they had
experienced a breach of such data.
https://www.welivesecurity.com/2018/03/09/healthcare-employees-patient-data/?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+eset%2Fblog+%28ESET+Blog%3A+We+Live+Security%29