Written by Julie Spitzer for Becker’s Health IT & CIO Review
Nearly one in five healthcare employees would be willing to sell confidential data to unauthorized parties for as little as $500, according to a survey from Accenture.
For the report title “Losing the Cyber Culture War in Healthcare,” Accenture surveyed 912 provider and payer organizations across the U.S. and Canada.
Here are seven survey insights:
- About 18 percent of respondents said they would be willing to sell confidential data — such as login credentials, installing tracking software and downloading data to a portable drive — to unauthorized parties for as little as $500 to $1,000.
- About 24 percent of respondents said they knew of someone in their organization who sold credentials or access to an unauthorized outsider.
- Respondents from provider organizations (21 percent) were more likely than those in payer organizations (12 percent) to say they would sell confidential data.
- Almost all (99 percent) of respondents said they feel responsible for data security.
- Even though 97 percent of respondents claim they understand their organization’s data security and privacy standards, 21 percent keep their username and password written down next to their computer.
- About one in six respondents were unaware of cybersecurity training at their organization, and 29 percent of respondents who receive training only do so once.
- Of those who receive security training, 17 percent said they still write down their usernames and passwords, and 19 percent said they would be willing to sell confidential data. However, those numbers increase for those who receive frequent training — of the employees who receive quarterly training, 24 percent said they write down their usernames and passwords and 28 percent said they are willing to sell confidential data.
“Health organizations are in the throes of a cyber war that is being undermined by their own workforce,” said Accenture Managing Director John Schoew, who leads the Health and Public Service Security practice in North America. “With sensitive data a part of the job for millions of health workers, organizations must foster a cyber culture that addresses these deeply rooted issues so that employees become part of the fight, not a weak link.”