sb-nz logo
Story image

US healthcare workers willing to sell confidential data for as little as $500

13 Mar 2018

Some healthcare workers in the United States and Canada would be willing to sell confidential data to unauthorized parties for as little as $500, a regional study by Accenture revealed this month.

While the results only polled US and Canada respondents, the study reveals a significant security hazard that could also be an issue for other healthcare organizations around the world.

The survey found that 18% of the 912 respondents would be willing to sell confidential data for between $500-$1000 - and they have the means to do so.

All respondents had access to confidential digital health data including personally identifiable information, payment card information and protected health data.

Those in ‘provider’ organizations are more likely to sell confidential data (21%) including login credentials, installing tracking software, downloading data into a portable drive and other such actions.

“Health organizations are in the throes of a cyber war that is being undermined by their own workforce,” comments Accenture’s leader of its North American Health & Public Service Security practice in North America, John Schoew.

Interestingly, 99% of respondents feel responsible for the security data and 97% say they understand their organization’s explanation of data security and privacy, 21% still keep their username and password written down and next to their computer.

While respondents may not have sold data themselves, 24% say they know of someone in their organizations who has sold it; or has allowed unauthorized access to an outsider.

“With sensitive data a part of the job for millions of health workers, organizations must foster a cyber culture that addresses these deeply rooted issues so that employees become part of the fight, not a weak link,” Schoew continues.

Security training may be present in many organizations (88% say their organization provides security training), this is not necessarily an absolute deterrent, Accenture says.

Of those who receive security training, 17% say they still write down their usernames and passwords; and 19% say they would still sell confidential data.

Those who receive frequent training are more likely to be a security risk, surprisingly. Of those who receive quarterly training, 24% write down their user names and passwords and 28% are willing to sell confidential data.

This suggests that it’s the quality, not the frequency or quantity, of training that matters.  

“Employees have a key role in the healthcare industry’s battle with cyber criminals,” Schoew says.

“As payers and providers invest in digital to transform productivity, cut costs and improve quality, they need a multi-pronged approach to data security that involves consistent and relevant training, multiple security techniques to protect data and continuous monitoring for anomalous behavior.” 

Story image
Palo Alto Networks extends cloud native security platform with new modules
Palo Alto Networks has announced the availability of Prisma Cloud 2.0, including four new cloud security modules, thus extending its Cloud Native Security Platform (CNSP). More
Story image
Insider threat report reveals deception in the workforce
Insider threats come from people inside an enterprise, whether they divulge proprietary information with nefarious intentions, or are just careless employees that unwittingly share sensitive data, writes Bitglass product marketing manager Juan Lugo.More
Story image
Research: Younger cybersecurity pros more fearful of being replaced by AI
According to the findings, 53% of respondents under 45 years old either agreed or strongly agreed that AI and ML are a threat to their job security, despite 89% of this demographic believing that it would improve their jobs.More
Story image
Report reveals relationship between boardroom and cybersecurity investments
“While boards are definitely listening and stepping up with increased budget for cybersecurity, they tend to view any investment as a cost rather than adding business value."More
Story image
Zoom to begin rolling out end-to-end encryption
Available starting from next week, it represents the first phase out of four of the company’s greater E2EE offering, which was announced in May following backlash that the company was lax on its security and privacy.More
Story image
Gartner names ThreatQuotient a representative vendor for SOAR
The company is listed in Gartner’s 2020 Market Guide for Security Orchestration, Automation and Response Solutions.More