Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Losing the Cyber Culture War in Healthcare: Accenture 2018 Healthcare Workforce Survey on Cybersecurity

2,908 views

Published on

Accenture surveyed employees of provider and payer organizations in the United States and Canada to understand health employee attitudes and behaviors related to cybersecurity practices.

Published in: Technology
  • Be the first to comment

Losing the Cyber Culture War in Healthcare: Accenture 2018 Healthcare Workforce Survey on Cybersecurity

  1. 1. Accenture 2018 Healthcare Workforce Survey on Cybersecurity LOSING THE CYBER CULTURE WAR IN HEALTHCARE #INNOVATELIVE Copyright © 2018 Accenture. All rights reserved.
  2. 2. ACCENTURE 2018 HEALTHCARE WORKFORCE SURVEY ON CYBERSECURITY OVERVIEW 2 Accenture commissioned a web-based survey to qualified employees of healthcare providers and payers in the United States and Canada Respondents were not required to provide their names, nor the name of their organization, but did report their department, job responsibility and/or primary role All respondents were required to have access to patient digital healthcare data including PHI, PII, or PCI The survey was conducted in November, 2017 Copyright © 2018 Accenture. All rights reserved. 601 Provider respondents 311 Payer respondents
  3. 3. HEALTHCARE EMPLOYEES ARE WILLING TO PUT PATIENTS’ MEDICAL DATA AT RISK WRITING DOWN USERNAMES and password and keeping it next to the computer SELLING CREDENTIALS or access to an unauthorized outside person or entity WILLING TO MAKE A PROFIT by providing an unauthorized outsider access to organization’s confidential data 3 Copyright © 2018 Accenture. All rights reserved.
  4. 4. 21% OF HEALTHCARE EMPLOYEES WRITE DOWN USERNAME AND PASSWORD NEAR THE COMPUTER 4 PROVIDER VS PAYER Employees who write down username and password next to computer 17% 23% 79% 21% Do you write down your username and password next to the computer? PROVIDER PAYER NO, I do not YES, I do write my username and password next to the computer Copyright © 2018 Accenture. All rights reserved.
  5. 5. 24% OF HEALTHCARE EMPLOYEES ARE AWARE OF SOMEONE WITHIN THEIR ORGANIZATION SELLING ACCESS 31 percent ARE YOU AWARE OF SOMEONE SELLING ACCESS TO PATIENT DATA? Total 0% 100% % EMPLOYEES 8% 68%24% Yes, I am aware of that happening within my organization I am aware of that happening outside of my organization No, I am not aware of that happening within my organization 5 *Numbers rounded Sample: All respondents (n=912) Payers Providers* 8% 77%15% 9% 63%29% Copyright © 2018 Accenture. All rights reserved.
  6. 6. 18% OF HEALTHCARE EMPLOYEES ARE WILLING TO MAKE A PROFIT BY PROVIDING ACCESS TO AN UNAUTHORIZED OUTSIDER PROVIDER VS PAYER Employees who are willing to make profit 12% 21% 82% 18% PROVIDER PAYER NO AMOUNT OF MONEY WOULD PERSUADE ME to give someone confidential company information WILLING TO MAKE A PROFIT by providing an unauthorized outsider access to your organization’s confidential data 6 Copyright © 2018 Accenture. All rights reserved.
  7. 7. NEARLY HALF OF HEALTHCARE EMPLOYEES STATED THAT THEY ARE AWARE OF PATIENT DATA BREACHES IN THEIR ORGANIZATIONS HOW MANY PATIENT DATA BREACHES ARE YOU AWARE OF IN YOUR ORGANIZATION? Total* 0% 60% % EMPLOYEES No breaches 1-10 breaches More than 10 breaches 7 47%3% 52% Payers Providers 43%1% 56% 47% 4% 49% *Numbers rounded Sample: All respondents (n=912) Copyright © 2018 Accenture. All rights reserved.
  8. 8. CYBERSECURITY TRAINING ISN’T REACHING EVERYONE 1 in 6 healthcare employees are unaware of training at their organizations or their organization does not offer training at all 29% of healthcare employees who receive training only get it once INCREASED TRAINING DID NOT CORRELATE WITH BETTER CYBERSECURITY BEHAVIORS CYBERSECURITY TRAINING ISN’T ENOUGH 8 Copyright © 2018 Accenture. All rights reserved.
  9. 9. WILLING COMPLIANCE WITH / SUPPORT OF CYBERSECURITY POLICIES IS STILL NOT EMBEDDED IN HEALTHCARE ORGANIZATIONS’ CULTURES Nearly 1 in 3 healthcare employees question the effectiveness of cybersecurity policies and procedures at their organizations 15-20% of healthcare employees admit to poor compliance with key policies such as: 9 • Secure password management • Downloading email attachments and software • Using unsecure networks Copyright © 2018 Accenture. All rights reserved.
  10. 10. CALL TO ACTION 01 LOSING THE CYBER CULTURE WAR IN HEALTHCARE OPTIMIZE TRAINING 10 Ensure all healthcare employees receive consistent and impactful cybersecurity training. Particularly those with access to patients’ digital healthcare data. 02USE MANY TECHNIQUES Encryption Tokenization Micro segmentation Privilege and digital rights management Selective redaction Data scrambling 03LIMIT, MONITOR AND SEGMENT ACCESS Use two-factor authentication as much as possible. Use role-based access to make automated decisions about who is allowed to see what data and systems. 04MONITOR FOR SUSPICIOUS ACTIVITY Monitor continuously and vigorously. Not just for unauthorized access but for undiscovered threats and suspicious user behavior. Copyright © 2018 Accenture. All rights reserved.

×