Story image

US healthcare workers willing to sell confidential data for as little as $500

13 Mar 2018

Some healthcare workers in the United States and Canada would be willing to sell confidential data to unauthorized parties for as little as $500, a regional study by Accenture revealed this month.

While the results only polled US and Canada respondents, the study reveals a significant security hazard that could also be an issue for other healthcare organizations around the world.

The survey found that 18% of the 912 respondents would be willing to sell confidential data for between $500-$1000 - and they have the means to do so.

All respondents had access to confidential digital health data including personally identifiable information, payment card information and protected health data.

Those in ‘provider’ organizations are more likely to sell confidential data (21%) including login credentials, installing tracking software, downloading data into a portable drive and other such actions.

“Health organizations are in the throes of a cyber war that is being undermined by their own workforce,” comments Accenture’s leader of its North American Health & Public Service Security practice in North America, John Schoew.

Interestingly, 99% of respondents feel responsible for the security data and 97% say they understand their organization’s explanation of data security and privacy, 21% still keep their username and password written down and next to their computer.

While respondents may not have sold data themselves, 24% say they know of someone in their organizations who has sold it; or has allowed unauthorized access to an outsider.

“With sensitive data a part of the job for millions of health workers, organizations must foster a cyber culture that addresses these deeply rooted issues so that employees become part of the fight, not a weak link,” Schoew continues.

Security training may be present in many organizations (88% say their organization provides security training), this is not necessarily an absolute deterrent, Accenture says.

Of those who receive security training, 17% say they still write down their usernames and passwords; and 19% say they would still sell confidential data.

Those who receive frequent training are more likely to be a security risk, surprisingly. Of those who receive quarterly training, 24% write down their user names and passwords and 28% are willing to sell confidential data.

This suggests that it’s the quality, not the frequency or quantity, of training that matters.  

“Employees have a key role in the healthcare industry’s battle with cyber criminals,” Schoew says.

“As payers and providers invest in digital to transform productivity, cut costs and improve quality, they need a multi-pronged approach to data security that involves consistent and relevant training, multiple security techniques to protect data and continuous monitoring for anomalous behavior.” 

Opinion: BYOD can be secure with the right measures
Companies that embrace BYOD are giving employees more freedom to work remotely, resulting in increased productivity, cost savings, and talent retention.
Sonatype and HackerOne partner on open source vulnerability reporting
Without a standard for responsible disclosure, even those who want to disclose vulnerabilities responsibly can get frustrated with the process.
OutSystems and Boncode team up for better code analysis
The Boncode and OutSystems alliance aims to help organisations to build fast and feel comfortable that the work they're delivering is at peak quality levels.
Nuance biometrics fight back against fraud
Nuance Communications has crunched the numbers and discovered that it has prevented more than US$1 billion worth of fraud from being passed on to users of its Nuance Security Suite.
Attacks targeting Cisco Webex extension explode in popularity - WatchGuard
WatchGuard's Internet Security Report for Q4 2018 also finds growing use of a new sextortion phishing malware customised to individual victims.
Developing APAC countries most vulnerable to malware - Microsoft
“As cyberattacks continue to increase in frequency and sophistication, understanding prevalent cyberthreats and how to limit their impact has become an imperative.”
Worldwide spending on security to reach $103.1bil in 2019 - IDC
Managed security services will be the largest technology category in 2019.
Privacy: The real cost of “free” mobile apps
Sales of location targeted advertising, based on location data provided by apps, is set to reach $30 billion by 2020.