[BreachExchange] 1 in 5 health employees willing to sell confidential data: 7 survey insights

[Destry Winant]

https://www.beckershospitalreview.com/cybersecurity/1-in-5-health-employees-willing-to-sell-confidential-data-7-survey-insights.html

Nearly one in five healthcare employees would be willing to sell
confidential data to unauthorized parties for as little as $500,
according to a survey from Accenture.

For the report title "Losing the Cyber Culture War in Healthcare,"
Accenture surveyed 912 provider and payer organizations across the
U.S. and Canada.

Here are seven survey insights.

1. About 18 percent of respondents said they would be willing to sell
confidential data — such as login credentials, installing tracking
software and downloading data to a portable drive —  to unauthorized
parties for as little as $500 to $1,000.

2. About 24 percent of respondents said they knew of someone in their
organization who sold credentials or access to an unauthorized
outsider.

3. Respondents from provider organizations (21 percent) were more
likely than those in payer organizations (12 percent) to say they
would sell confidential data.

4. Almost all (99 percent) of respondents said they feel responsible
for data security.

5. Even though 97 percent of respondents claim they understand their
organization's data security and privacy standards, 21 percent keep
their username and password written down next to their computer.

6. About one in six respondents were unaware of cybersecurity training
at their organization, and 29 percent of respondents who receive
training only do so once.

7. Of those who receive security training, 17 percent said they still
write down their usernames and passwords, and 19 percent said they
would be willing to sell confidential data. However, those numbers
increase for those who receive frequent training — of the employees
who receive quarterly training, 24 percent said they write down their
usernames and passwords and 28 percent said they are willing to sell
confidential data.

"Health organizations are in the throes of a cyber war that is being
undermined by their own workforce," said Accenture Managing Director
John Schoew, who leads the Health and Public Service Security practice
in North America. "With sensitive data a part of the job for millions
of health workers, organizations must foster a cyber culture that
addresses these deeply rooted issues so that employees become part of
the fight, not a weak link."