New study: Healthcare workers negligent with IT security

Cybercrime is on the rise, especially in the healthcare industry. According to Cisco, patient data, stored in platforms such as EHRs and medical office software, is a particularly lucrative for cybercriminals, because it contains information about a victim's identity, such as their social security number, address, insurance provider and so on. Criminals also scout out the data because, unlike bank account fraud, it can take an extensive amount of time before the crime of patient health data theft is uncovered, providing the perpetrator with plenty of time in which to commit their crime.

Common types of attack
Two of the most common forms of cybercrime that hospitals face are ransomware and phishing crimes. Phishing crimes entail the theft of protected patient data, while ransomware crimes involve a criminal holding valuable data hostage. According to Healthcare IT News, ransomware attacks in particular are very common. The source reported that 75 percent of healthcare organizations across the country have experienced some form of ransomware attack.

New study finds password security is lax
Despite the growing threat of cybercrime, a new study from the University of Pennsylvania has found that healthcare professionals often fail to take password protection seriously, Fierce Health IT reported. The study was composed of interviews with an array of health professionals - from doctors, to nurses, to chief medical information officers and so on. Researchers found that a number of the professionals failed to take strict measures to protect their passwords. For example, practices such as leaving computers logged in and unattended, and passwords being written on paper and shared was common practice, Fierce Health IT detailed.

The study found that although most of the health professionals interviewed were aware of the potential security risks of such actions, they continued with them anyway because they saved time and are more efficient. Time and efficiency is especially vital in a medical setting such as a hospital, where life and death decisions are made on a daily basis.

Despite the actions of the hospital staff, most interviewees revealed that they were not held accountable for their actions and that it was in fact common practice. The disregard of IT security measures by health professionals likely leads to tension with hospital IT staff determined to keep systems as safe as possible.

Kevin McCarthy's picture

Kevin McCarthy

Industry News Editor

An avid traveler and news junkie, Kevin covers a range of topics from healthcare technology to policy and regulations. As a former journalism student, he enjoys finding stories relevant to small practices and is passionate about keeping them informed. Before joining NueMD, Kevin worked for Turner Broadcasting as a Programming Intern where he conducted legal research and contributed to editorial content development. He received his bachelor's degree in Communication from Kennesaw State University and currently serves as the Industry News Editor at NueMD.

comments powered by Disqus

Related Articles