Story image

US healthcare workers willing to sell confidential data for as little as $500

13 Mar 2018

Some healthcare workers in the United States and Canada would be willing to sell confidential data to unauthorized parties for as little as $500, a regional study by Accenture revealed this month.

While the results only polled US and Canada respondents, the study reveals a significant security hazard that could also be an issue for other healthcare organizations around the world.

The survey found that 18% of the 912 respondents would be willing to sell confidential data for between $500-$1000 - and they have the means to do so.

All respondents had access to confidential digital health data including personally identifiable information, payment card information and protected health data.

Those in ‘provider’ organizations are more likely to sell confidential data (21%) including login credentials, installing tracking software, downloading data into a portable drive and other such actions.

“Health organizations are in the throes of a cyber war that is being undermined by their own workforce,” comments Accenture’s leader of its North American Health & Public Service Security practice in North America, John Schoew.

Interestingly, 99% of respondents feel responsible for the security data and 97% say they understand their organization’s explanation of data security and privacy, 21% still keep their username and password written down and next to their computer.

While respondents may not have sold data themselves, 24% say they know of someone in their organizations who has sold it; or has allowed unauthorized access to an outsider.

“With sensitive data a part of the job for millions of health workers, organizations must foster a cyber culture that addresses these deeply rooted issues so that employees become part of the fight, not a weak link,” Schoew continues.

Security training may be present in many organizations (88% say their organization provides security training), this is not necessarily an absolute deterrent, Accenture says.

Of those who receive security training, 17% say they still write down their usernames and passwords; and 19% say they would still sell confidential data.

Those who receive frequent training are more likely to be a security risk, surprisingly. Of those who receive quarterly training, 24% write down their user names and passwords and 28% are willing to sell confidential data.

This suggests that it’s the quality, not the frequency or quantity, of training that matters.  

“Employees have a key role in the healthcare industry’s battle with cyber criminals,” Schoew says.

“As payers and providers invest in digital to transform productivity, cut costs and improve quality, they need a multi-pronged approach to data security that involves consistent and relevant training, multiple security techniques to protect data and continuous monitoring for anomalous behavior.” 

Forescout strengthens investment in OT security
Forescout’s latest features will provide enterprises with improved productivity, lower risk profiles and faster mitigation of threats.
Hybrid cloud security big concern for business leaders
A new study highlights that IT and security professionals have significant concerns around security for hybrid cloud and multi-cloud environments.
GitHub launches fund to sponsor open source developers
In addition to GitHub Sponsors, GitHub is launching the GitHub Sponsors, GitHub will match all contributions up to $5,000 during a developer’s first year in GitHub Sponsors.
Check Point announces integration with Microsoft Azure
The integration of Check Point’s advanced policy enforcement capabilities with Microsoft AIP’s file classification and protection features enables enterprises to keep their business data and IP secure, irrespective of how it is shared. 
ESET researchers break down latest arsenal of the infamous Sednit group
At the end of August 2018, the Sednit group launched a spear-phishing email campaign, in which it distributed shortened URLs that delivered first-stage Zebrocy components.
Container survey shows adoption accelerating while security concerns remain top of mind
The report features insights from over 500 IT professionals.
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Fake apps on Google Play scamming users out of cryptocurrency
Fake cryptocurrency apps on Google Play have been discovered to be phishing and scamming users out of cryptocurrency, according to a new report from ESET.