sb-au logo
Story image

US healthcare workers willing to sell confidential data for as little as $500

13 Mar 2018

Some healthcare workers in the United States and Canada would be willing to sell confidential data to unauthorized parties for as little as $500, a regional study by Accenture revealed this month.

While the results only polled US and Canada respondents, the study reveals a significant security hazard that could also be an issue for other healthcare organizations around the world.

The survey found that 18% of the 912 respondents would be willing to sell confidential data for between $500-$1000 - and they have the means to do so.

All respondents had access to confidential digital health data including personally identifiable information, payment card information and protected health data.

Those in ‘provider’ organizations are more likely to sell confidential data (21%) including login credentials, installing tracking software, downloading data into a portable drive and other such actions.

“Health organizations are in the throes of a cyber war that is being undermined by their own workforce,” comments Accenture’s leader of its North American Health & Public Service Security practice in North America, John Schoew.

Interestingly, 99% of respondents feel responsible for the security data and 97% say they understand their organization’s explanation of data security and privacy, 21% still keep their username and password written down and next to their computer.

While respondents may not have sold data themselves, 24% say they know of someone in their organizations who has sold it; or has allowed unauthorized access to an outsider.

“With sensitive data a part of the job for millions of health workers, organizations must foster a cyber culture that addresses these deeply rooted issues so that employees become part of the fight, not a weak link,” Schoew continues.

Security training may be present in many organizations (88% say their organization provides security training), this is not necessarily an absolute deterrent, Accenture says.

Of those who receive security training, 17% say they still write down their usernames and passwords; and 19% say they would still sell confidential data.

Those who receive frequent training are more likely to be a security risk, surprisingly. Of those who receive quarterly training, 24% write down their user names and passwords and 28% are willing to sell confidential data.

This suggests that it’s the quality, not the frequency or quantity, of training that matters.  

“Employees have a key role in the healthcare industry’s battle with cyber criminals,” Schoew says.

“As payers and providers invest in digital to transform productivity, cut costs and improve quality, they need a multi-pronged approach to data security that involves consistent and relevant training, multiple security techniques to protect data and continuous monitoring for anomalous behavior.” 

Link image
Need better security now your workforce is remote? Get it for free
Remote working comes with all kinds of cybersecurity risks. Protect your business by leveraging multi-factor authentication, biometrics and push notification software for free.More
Story image
Remote workers need to improve security measures amidst COVID-19
Technological support and security measures are amongst ways organisations and their employees can protect their business as they move to remote working during the COVID-19 pandemic. More
Story image
Mentorship key to bringing women into cybersecurity - Microsoft
“Diverse teams make better and faster decisions 87% of the time compared with all male teams, yet the actual number of women in our field fluctuates between 10 and 20%. What ideas have we missed by not including more women?”More
Story image
80% of cyber threat landscape uses COVID-19 as leverage - report
A report released recently by Proofpoint reveals the extent to which cyber attackers are capitalising on fear and paranoia surrounding the pandemic, with instances of coronavirus-themed attacks increasing every day.More
Story image
Five questions organisations should ask when evaluating an asset management solution
Asset management solutions are imperative for business security, and choosing the right solution that is tailored to business requirements, will determine its success.More
Story image
Worrying gap in local consumer cybersecurity savvy
New research shows A/NZ consumers feel clued in, but there’s clear room for improvement in their education and tools.More