According to one small global study, the answer may alarm you.
Data breaches do not always occur as a result of adversaries’ actions. Quite often, information can be compromised by internal actors.
The recent momentum to provide telehealth and telemedicine services has now developed a hiccup: a global survey has showed that around 17% of healthcare providers polled were sure that most of their clinicians that conduct remote sessions had clear insights into how their patients’ data was being protected. This is despite the fact that 70% of medical organizations in the survey had dedicated IT security awareness training.
These figures by Kaspersky can be seen as a sign that not all cybersecurity education actually correspond to practical reality and may fail to cover topics that would be most useful for physicians’ daily practices.
What the study shows
Some figures of interest in the 2021 survey consisting of 389 interviews across 34 countries, include:
- 30% of healthcare providers in the survey had experienced cases where their employees compromised customers’ personal information during remote consultations.
- Almost half of healthcare providers believed that their clinicians did not clearly understand how patients’ data was protected.
- 67% of respondents believed it was important for the healthcare sector to collect even more personal information to further industry development.
- 54% of respondents indicated that some of their clinicians conducted remote sessions using apps not specifically designed for telehealth: FaceTime, Facebook Messenger, WhatsApp, Zoom, and others.
- 67% of respondents agreed to prompts that the industry needs to collect more personal information than they currently hold, to train AI and ensure a reliable diagnosis.
Commented Denis Barinov, Head, Kaspersky Academy: “The more complex and critical technology is, the more awareness it requires from people who work with it. This is particularly important for the healthcare industry entering the new digital stage and increasingly facing issues connected to privacy and security. But it’s not only about awareness—for any security training to be effective, it should not only deliver up-to-date information but also inspire and motivate people to behave safely in practice.”
According to Prof Chengyi Lin, Affiliate Professor of Strategy, INSEAD: “To accelerate the evolution of digital health, we have to carefully curate, manage and govern sensitive health data. This information is also valuable to individuals and the healthcare system to improve outcomes and reduce costs. We have already seen encouraging results from using big data for better clinical trial design and reducing both time and costs. We can leverage technologies to ensure privacy while delivering the benefits, for example, using additional privacy measures to facilitate the adoption of AI.”
To minimize the risk of internally-caused incidents and provide new perspectives for the industry, healthcare organizations should adjust their cybersecurity policy and make it relevant to today’s needs. This includes clear guidelines on using external services and resources, a thoughtful access policy for corporate assets, and a robust password policy. All these measures must be implemented in practice and supplemented by comprehensive security training.