Healthcare-Specific Data and Analysis
Each year, we compile data across a range of industries, providing analysis about the cybersecurity topics end users struggle with, and the measures proactive organizations are taking to raise awareness and knowledge levels in an effort to manage end-user risk. This information forms the basis of our annual State of the Phish™ and Beyond the Phish® reports.
The State of Security Education: Healthcare report takes a deeper look at the healthcare-specific data we collected in 2017 and explores how medical staff and other end users in this industry are performing on cybersecurity assessments across a range of topics. In it, we analyze responses gathered via nearly 85 million questions asked and answered about 12 security topics in our Security Education Platform. We also share data culled from tens of millions of simulated phishing attacks sent over a 12-month period via our platform.
The report presents healthcare-specific data on the following security topics:
- Protecting and Disposing of Data Securely
- Protecting Mobile Devices and Information
- Protecting Confidential Information
- Identifying Phishing Threats
- Using the Internet Safely
- Common Security Issues
- Working Safely Outside the Office
- Protecting Against Physical Risks
- Using Social Media Safely
- Protecting Yourself Against Scams
- Building Safe Passwords
- Avoiding Ransomware Attacks
The report explores each of these 12 topics in detail, presenting data that reflects healthcare employees’ understanding of important cybersecurity issues.
Some Bright Spots, But Still Work to Do
According to our data, healthcare professionals are outperforming other industries on some important security topics, including use of social media platforms and ways to avoid ransomware attacks. But end users in this space fall behind many other industries in their understanding of data protection and disposal techniques, missing an average of 28% of questions about this topic. With data safeguards so necessary to overall healthcare security, this high percentage of questions missed shows room for improvement.
A Check-Up for Your Security Awareness Program
Understanding cybersecurity threats is one thing — what about reducing the risk? The report includes information on how frequently most healthcare organizations are making use of security awareness and training. What’s troubling is that half of these organizations rely on once-a-year training.
Such infrequent training might be just enough to comply with regulatory requirements, but it fails to produce satisfactory knowledge retention. Instead, healthcare organizations should focus on presenting small pieces of information with greater frequency and reinforcing these lessons over time, as we emphasize in our cyclical Continuous Training Methodology.
The good news is that effective security training does really work for the healthcare industry. We have seen with our customers that applying our cybersecurity education tools can help healthcare organizations reduce their vulnerability.