Wombat Security has recently published a report revealing that employees in the healthcare industry lack understanding and awareness of common cybersecurity threats. Wombat Security is now a division of Proofpoint, a California-based cybersecurity company.
For the “Beyond the Phish Report”, Wombat Security compiled data from nearly 85 million questions and answers posed to customers’ end users. Those surveyed were asked questions across 12 categories and represented 16 industries, including the healthcare industry.
Respondents were asked about their knowledge of security practices that would help them avoid ransomware attacks, malware installations, and phishing attacks. One aim was to establish the employees' level of expertise at protecting confidential information, defending against email and web-based scams, securing mobile devices, working safely in remote locations, identifying physical risks, disposing of sensitive information securely, using strong passwords, and using social media and the web safely.
The healthcare industry performed extremely poorly in the category for security awareness. Healthcare employees ranked second worst for their knowledge of best security practices, just ahead of the hospitality industry. In particular, the survey highlighted several areas of weakness that could potentially be exploited by cybercriminals to gain access to healthcare networks and sensitive data.
In addition to their lack of knowledge about security practices, respondents from the healthcare sector performed poorly in several other areas. They frequently responded incorrectly when answering questions related to identifying phishing emails, securely disposing of sensitive information, and protecting mobile devices and sensitive information stored on those devices.
Even though HIPAA requires healthcare employees to dispose of PHI securely, 28% of questions about how this should be achieved were answered incorrectly. A further 27% of questions about protecting mobile devices and information were answered incorrectly, as were 26% of questions relating to the protection of confidential information, and 21% of questions on the identification of common security issues and safe use of the Internet.
Overall, respondents from the healthcare industry answered 23% of questions incorrectly, which was similar to the proportion of incorrect answers offered by the manufacturing industry and professional services. Only hospitality industry employees performed worse. The average percentage of incorrect answers across all industry sectors was 19%.
Not every round of questions was answered poorly by healthcare professionals. Respondents from the healthcare industry performed best on the use of safe, strong passwords and on the identification and prevention of ransomware attacks, with just 12% and 10% of questions answered incorrectly, respectively.
“Our hope is that by sharing this data, infosec professionals will think more about the ways they are evaluating vulnerabilities within their organizations and recognize the opportunity they have to better equip employees to apply cybersecurity best practices and, as a result, better manage end-user risk,” said Joe Ferrara, Wombat General Manager.