Nearly a third of all healthcare employee respondents (32%) said that they had never received cybersecurity training from their workplace ... but should have.
Healthcare today has its share of gaps: Gaps in healthcare access, gaps in the treatment of chronic diseases, and gaps in communication between patient and provider.
But what about the existing gaps in a medical facility's IT security plan?
As is well documented elsewhere, the healthcare industry is a prime target for data breaches in 2019. According to the HIPAA Journal, in the first 6 months of 2019, the records of 9,652,575 Americans were exposed, impermissibly disclosed, or stolen.
Compromised records are costly, too. According to the 2018 Cost of Data Breach Study by IBM Security and the Ponemon Institute, the cost of a healthcare data breach is $408 per record — higher than any other industry.
How well are these organizations, internally at least, working to prevent these data breaches? Not so well, according to a recent Kaspersky survey of 1,758 employees in a variety of roles working at healthcare organizations in North America.
Check out these findings regarding cybersecurity education:
- Nearly a third of all respondents (32%) said that they had never received cybersecurity training from their workplace but should have.
- Nearly 1 in 5 respondents (19%) said there needed to be more cybersecurity training by their organization.
- Almost a third of healthcare IT respondents (32%) said that they are aware of their organization’s cybersecurity policy and have read it only once.
- 2 in 5 respondents (40%) working in healthcare in North America are not aware of the cybersecurity measures in place at their organization to protect IT devices.
Organizations often, and rightfully so, turn to technology to address network cybersecurity concerns – firewalls, content filters, encrypted data and email, virtual private networks, antivirus and anti-malware tools. But the numbers above suggest a deeper flaw in the way many approach IT security. They fail to properly arm their staff with the necessary knowledge and tools to demonstrate best practices.
3 Best Practices for Filling the IT Security Gap
1. Train Employees on Cybersecurity.
Employee training isn’t an option. The HIPAA Security Rule requires covered entities to “Implement a security awareness and training program for all members of its workforce (including management)”.
But threats like ransomware and social engineering are evolving and ongoing. So, too, should be employee training.
HIPAA Training materials are a great place to start. But IT Security leaders should consider a trusted consultant, seek out webinars, offer one-day trainings – anything they can do to both stay ahead of emerging cybersecurity threats and ensure that what is shared resonates with employees throughout their workday.
2. Lock Down Your Output Devices.
Data breaches aren’t always sophisticated online attacks. They’re often that sheet of paper collecting dust on top of the printer.
Printers are an often overlooked piece of the HIPAA and IT security puzzle. According to the HIPAA Journal, an analysis of 1,183 data breaches reported to OCR from 2009 to 2017 showed that 28.7 percent of the incidents involved paper records. Additionally, 53 percent of those breaches were caused by “insiders and negligence.”
Output management solutions not only track all print, scan and fax activities on MFPs, but also quickly mitigate any unauthorized access to sensitive patient healthcare information. To prevent unauthorized use of devices and keep valuable and confidential information safe, uniFLOW requires users to identify themselves at a device before documents can be released.
Visit with your office equipment provider to explore output management solutions that could fit your needs.
3. Partner with a Skilled IT Security Team.
Partnering with a reputable IT security team that fully comprehends your organization’s unique security risks, and can map out your security and compliance journey long term, creates a strong foundation to build upon. Managed IT Services offers a variety of advantages to your facility.
- They provide 24/7/365 monitoring,
- They guarantee response times for quicker resolution,
- They supply a business continuity plan (in the event of disaster),
- They offer ongoing IT security training to your team.
Ready to close your security gap? Protecting patient data and keeping your organization in line with HIPAA compliance standards begins with technology discovery. Datamax Discovery™ analyzes the inter-connected components of your business processes (documents/printers/networks) to diagnose and begin treating areas of lost productivity