Healthcare Security Awareness Training For Employees At Hospitals Is More Critical Every Day
Security Awareness Training is becoming a necessity for more and more industries. The healthcare industry is probably the most important of all, yet it continues to fall short. According to a recent study by the Ponemon Institute, over 23% of all data breaches in 2017 were in the healthcare industry. Social engineers are targeting hospitals and healthcare companies at an alarming rate. They are a prime target because they store personal information for millions and millions of people. The cost to recover from a data breach are severe. Fines for HIPAA violations can go into the millions. Systems can be rendered useless. Patient healthcare can suffer. And the reputation of the company could take years to restore.
Humans are always the weakest link as it relates to data security. Security Awareness Training is an essential component of helping employees stay up to date about the latest threats. Social engineers, aka hackers, are constantly evolving their attacks to try stay ahead of information security initiatives. Here are two of the most important aspects of information security for healthcare entities:
- HIPAA (Health Insurance Portability and Accountability Act) – Federal law requires that protected health information (PHI) is used and disclosed per regulations.
- PHI (Protected Health Information) – Specific data linked to an individual that may be collected by a healthcare entity.
How do I make sure employees receive the best training possible?
The training course should address all the critical topics for security awareness – phishing, ransomware, etc. Additionally, the course should cover how the topics specifically relate to the healthcare industry. It may also be important for the course to educate employees regarding policies specific to that entity and/or location. A security awareness training provider that offers customization will be necessary if that is the case.