Lack of Security Awareness Training Leaves Healthcare Companies Exposed to Cyberattacks


A recent study carried out by the Ponemon Institute on behalf of Merlin International has revealed that healthcare companies are failing to provide adequate security awareness training to their workers, which is hindering attempts to improve their security posture.

Phishing is the main security threat, and the healthcare industry is being heavily targeted. Phishing gives threat actors an easy way to bypass healthcare companies’ security defenses. Threat actors are now using modern tactics to avoid detection by security solutions and get their emails delivered. Social engineering methods are used to deceive workers into replying to phishing emails and disclosing their login credentials or installing malware.

Phishing is used in a high proportion of cyberattacks on healthcare companies. Research carried out by Cofense (previously PhishMe) indicates as many as 91% of cyberattacks begin with a phishing email. Although security solutions can be applied to block the majority of phishing emails from being delivered to end users’ inboxes, it is not possible to block 100% of malicious emails. Security awareness training is therefore necessary.

Even though 62% of companies have suffered a data breach in the last year and it is a requirement for HIPAA compliance, 51% of companies have not developed an incident response program that lets them swiftly respond to and remediate breaches.

Recruitment was seen to be the main barrier preventing companies from improving their security posture. 74% thought a lack of suitable staff was the main problem hindering attempts to improve cybersecurity. 60% of respondents do not think they have the right cybersecurity credentials in-house, and only 51% of surveyed companies have hired a CISO.

“Healthcare companies should get even more serious concerning cybersecurity to safeguard themselves and their patients from losing access to or control of the proprietary and private information and systems the industry depends on to provide necessary treatment,” said Brian Wells, Director of Healthcare Strategy at Merlin International.