A recent study suggests that doctors are less aware of data security risks than other healthcare professionals, and more likely to engage in risky security behavior.
According to the Verizon Enterprises Data Breach Investigations Report, physicians were three times less likely to recognize “phishing” scam e-mails, a common data security threat. Also, half of the physicians profiled in the report scored in the overall “risk” category, meaning that their actions could easily pose a privacy or security threat.
This is part of a broader pattern: 23% of respondents to the survey failed to report a variety of potential security or privacy threats or incidents, such as unsecured personnel files and potentially malware-infected computers. Even worse, 21% of survey respondents didn’t recognize some forms of personally identifiable information.
Very few physicians go into the business of medicine with a desire to become a computer expert, and at least some of them detest the technology they interact with daily. Nonetheless, in today’s world, failing to understand at least the common security threats could compromise your entire organization.
To get physicians more up to speed, make it easy for them to access and consume security information. Depending on the culture of your healthcare organization, you might want to license outside teaching content; prepare a series of educational e-mails (perhaps once a week) introducing key threats and proper responses; hold a brown-bag lunch meeting to update clinicians on these issues; or take another approach.
Regardless, it’s important to address this issue. As the survey suggests, many physicians simply don’t know enough about security to keep patient data safe.
This article appeared in Fast Practice, Greenbranch Publishing, 2018