A study on cybersecurity amongst Americans and Canadians working in the healthcare industry.
Cyber Pulse: The State of Cybersecurity in Healthcare – Part Two | By Kaspersky
Due to the rise in healthcare industry cyberattacks, healthcare providers in the U.S. and Canada are legally bound to protect sensitive patient healthcare information (PHI). In the U.S., the Health Insurance Portability and Accountability Act (HIPAA) requires measures that protect the PHI of patients, while its Canadian counterpart is the Personal Information Protection and Electronic Documents Act (PIPEDA).
With support from the government, Kaspersky was interested in learning more about how knowledgeable healthcare industry workers in North America are with regard to cybersecurity regulations.
According to the survey, nearly a fifth of U.S. respondents (18%) reported they didn’t know what the HIPAA Security Rule meant. Additionally, fewer than a third of respondents (29%) were able to identify the correct meaning of the HIPAA Security Rule.
In Canada, nearly half of respondents (49%) said they didn’t know if Canadian PHI needed to stay in Canada, and only 1% of respondents correctly identified that all Canadian PHI data can reside in the U.S. with the exception of British Columbia and Nova Scotia.
These results bring to light the alarming number of healthcare industry employees who do not understand the PHI laws their government puts in place to protect patient confidentiality. With a clear lack of knowledge about the regulations meant to keep PHI safe, healthcare workers are widening the gap for cyber attackers to breach their IT systems and exploit sensitive patient information.