Story image

US healthcare workers willing to sell confidential data for as little as $500

13 Mar 18

Some healthcare workers in the United States and Canada would be willing to sell confidential data to unauthorized parties for as little as $500, a regional study by Accenture revealed this month.

While the results only polled US and Canada respondents, the study reveals a significant security hazard that could also be an issue for other healthcare organizations around the world.

The survey found that 18% of the 912 respondents would be willing to sell confidential data for between $500-$1000 - and they have the means to do so.

All respondents had access to confidential digital health data including personally identifiable information, payment card information and protected health data.

Those in ‘provider’ organizations are more likely to sell confidential data (21%) including login credentials, installing tracking software, downloading data into a portable drive and other such actions.

“Health organizations are in the throes of a cyber war that is being undermined by their own workforce,” comments Accenture’s leader of its North American Health & Public Service Security practice in North America, John Schoew.

Interestingly, 99% of respondents feel responsible for the security data and 97% say they understand their organization’s explanation of data security and privacy, 21% still keep their username and password written down and next to their computer.

While respondents may not have sold data themselves, 24% say they know of someone in their organizations who has sold it; or has allowed unauthorized access to an outsider.

“With sensitive data a part of the job for millions of health workers, organizations must foster a cyber culture that addresses these deeply rooted issues so that employees become part of the fight, not a weak link,” Schoew continues.

Security training may be present in many organizations (88% say their organization provides security training), this is not necessarily an absolute deterrent, Accenture says.

Of those who receive security training, 17% say they still write down their usernames and passwords; and 19% say they would still sell confidential data.

Those who receive frequent training are more likely to be a security risk, surprisingly. Of those who receive quarterly training, 24% write down their user names and passwords and 28% are willing to sell confidential data.

This suggests that it’s the quality, not the frequency or quantity, of training that matters.  

“Employees have a key role in the healthcare industry’s battle with cyber criminals,” Schoew says.

“As payers and providers invest in digital to transform productivity, cut costs and improve quality, they need a multi-pronged approach to data security that involves consistent and relevant training, multiple security techniques to protect data and continuous monitoring for anomalous behavior.” 

Stepping up to sell security services in A/NZ
WatchGuard Technologies A/NZ regional director gives his top tips on how to make a move into the increasingly lucrative cybersecurity services market.
Huawei founder publically denies spying allegations
“After all the evidence is made public, we will rely on the justice system.”
Chch crypto-exchange Cryptopia suffers breach
Cryptopia has reportedly experienced a security breach that has taken the entire platform offline – and resulted in ‘significant losses’.
IoT breaches: Nearly half of businesses still can’t detect them
The Internet of Thing’s (IoT’s) rapid rise to prominence may have compromised its security, if a new report from Gemalto is anything to go by.
Carbon Black: What does cybersecurity have in store for 2019?
Tom Kellerman has shared five insights for the year ahead, including a particularly bold one.
Hands-on review: The Ekster Wallet protects your cards against RFID attacks
For some time now, I’ve been protecting my credit cards with tinfoil. The tinfoil hat does attract a lot of comments, but thanks to Ekster, those days are now happily behind me.
Report on SingHealth breach condemns poor security practices
The 2018 Singapore SingHealth data breach was poorly managed and riddled with vulnerabilities from the start.
Tesla wants people to hack its Model 3
Tesla is offering white hat hackers what could be the chance of a lifetime – the opportunity to hack one of its Model 3 vehicles.