It’s the enemy within. More than half of all cyberthreats are self-inflicted, but there are areas physician leaders can target to slow the trend.
Of the 2,216 reported international cybersecurity incidents last year, nearly a quarter (536) were directed at health care organizations.[1] Each health care organization spends an average of $12.47 million in cybercrime expenses annually.[2]
What compounds the problem is that so many health care cyberthreats (56 percent) are self-inflicted — double the global average.[1]
Here are some areas physician leaders can target:
ACCURACY: 62 percent of health care’s security-related human error stems from email and faxes being sent to incorrect parties. Ensure transmissions are encrypted, then provide training for your staff.
ACCESS: Some employees will abuse access to systems and data. Monitor all access to internal health information, supported by training and enforced by corrective action.
DESKS: The office is the most frequent location (36 percent) for theft of assets such as laptops, mobile devices and documents. Encryption helps. So does locking your workspace.
AUTOS: Employee vehicles are the second-most frequent location (32 percent) for theft of those same assets. Don’t leave them in a vehicle.
SHREDDING: Establish — or follow through with — institutional protocols for physical destruction of all sensitive documents.
Andy Smith is a senior editor with the American Association for Physician Leadership.