Hospitals, between 2009-2016, accounted for almost one third of all reported security incidents to the U.S. Office for Civil Rights (OCR). More incidents than any other industry. They pose themselves as easy targets because they contain valuable information on multiple devices and most healthcare organizations are focused on healthcare, not cybersecurity.
However, one report found that human error, not hackers, accounted for 33.5% of security incidents. The same report revealed that the main types of error included accidentally sending sensitive information to the wrong recipient, improperly discarding medical documents, and misplacing medical records. This human error makes it easy for hackers to gain access to information.
Employee’s security measures may not be as strong as they think. Credentials are the easiest way for a hacker to gain access into a system. A seven letter, every day word password can be cracked in .29 milliseconds, however, every letter or number that is added to the password adds security.
One of the most beneficial things that an organization can focus on is the training and education that they provide their employees. Companies should offer a wide variety of training methods, such as computer or classroom training, email alerts, and team discussions, regularly, to appeal to every learning style. Cutting down on employee’s personal use of work devices and reviewing employee’s activity can detect the misuse of resources or error early on. Increased security training could decrease human error in the healthcare industry.
