Healthcare professionals surprisingly get very little security awareness training. Only 38 percent of these employees get security training at least twice a year — 49 percent get training once a year, 7 percent only when they are first hired and 6 percent receive no security awareness training at all.
Stu Sjouwerman, founder and CEO of KnowBe4 in Clearwater, Fla.: It looks like healthcare organizations first need to get hacked before they get the message it could have been prevented. There seems to be an "it can't happen to me" attitude. A recent Trustwave study called "2015 Security Health Check Report" shows some worrying numbers.
Insufficient awareness training creates a large attack surface for healthcare organizations, proven by the large number of healthcare breaches. In the past two years, hackers have stolen data from 81 percent of hospitals and health insurance companies, according to a report released by KPMG.
The value of healthcare records is so much higher, 10 times higher, because the lifespan of these records is measured in years, compared to credit card numbers, where the lifespan is months, if that. The KPMG study shows both technical and non-technical employees are aware of the risks to their industry in general. More than 90 percent of technical staff and 77 percent of non-technical staff at healthcare organizations thought cybercriminals were increasingly targeting healthcare organizations.
Trustwave's Steve Kelley stated: "Annual vulnerability testing and annual security awareness programs really aren't enough to maintain a fully secure posture in what's becoming one of the biggest consumer data issues and privacy data issues in the world."
KnowBe4 agrees. It is loud and clear that effective security awareness training is a must. Find out how affordable it is for your organization and you will be pleasantly surprised.