A new survey reveals that nearly one in five healthcare employees would be willing to sell confidential data to an unauthorized party.
According to Accenture’s 2018 Healthcare Workforce Survey on Cybersecurity, 18 percent of employees that work at healthcare providers and payers would be willing to sell sensitive data to unauthorized individuals. Respondents from providers were more open to the idea of a sale than payers at 21 percent and 12 percent, respectively. Those willing to sell would generally expect to receive between $500 and $1,000 in the process.
The threat of an unauthorized data sale is not theoretical in nature, either. Almost a quarter (24 percent) of respondents know of someone in their organization who has already sold off confidential information.
This is in spite of the fact that 99 percent of individuals surveyed told Accenture, which conducted its online survey of 912 employees of U.S. and Canadian healthcare providers (601) and payer organizations (311) in November 2017, they feel responsible for the security of patients’ medical data.
John Schoew, leader of Accenture’s Health & Public Service Security practice in North America, feels that employees’ willingness to entertain a sale is at least partially responsible for the $12.5 million that healthcare organizations each spent on average to tackle computer crime in 2017. As quoted in an Accenture news release:
Health organizations are in the throes of a cyber war that is being undermined by their own workforce. With sensitive data a part of the job for millions of health workers, organizations must foster a cyber culture that addresses these deeply rooted issues so that employees become part of the fight, not a weak link.
Organizations should certainly use these expert comments to strive to build a security culture in their workplace. But their efforts shouldn’t end there. They should also implement security controls such as encryption and multi-factor authentication that can help protect customers’ data. They should follow-up with solutions that can monitor for unauthorized access of patients information.
To learn how Tripwire can help your healthcare organization secure its data, click here.