Ken Turbitt Blog
Aidan Lawes Blog
Paul Gostick Blog
Dr Jenny Dugmore Blog
Shirley Lacy Blog
Alim Ozcan Blog
Juan Jimenez Blog
Ian Clayton Blog
Nas Ozcan Blog
Aidan Mills Blog

Six Barriers to Becoming a Digital Business
Digital innovation promises to help organizations captivate customers and create new business models. But, for many CIOs, delivering digital innovation is harder than expected. To succeed, CIOs need to overcome six barriers to becoming a digital business...

Ten Strategic Technology Trends for Government
Technologies that enable new service models for digital government must be at the top of the list for government organizations as they prioritize technology investments...


The Robots are Coming: Are CEOs Ready for the Era of Automation?
CEOs agree that robotics is going to make their companies more efficient, with 94% of those who've already adopted robotics saying that it's increased productivity in their business...


The 2015 Chief Digital Officer Study
More companies are appointing a Chief Digital Officer to join their C-suite - but are they doing it quickly enough?...


18th Annual Global CEO Survey
The United States has overtaken China as top target for growth for the first time in five years...

5 March 2018 | ITSM
Send to a colleague | Add to MY ITP

Losing The Cyber Security Culture War
Survey finds one in five health employees willing to sell confidential data to unauthorized parties...

Nearly one in five health employees (18 percent) said they would be willing to sell confidential data to unauthorized parties, according to a new survey from Accenture.
The survey, of 912 employees of provider and payer organizations in the United States and Canada, found that the 18 percent of respondents willing to sell confidential data to unauthorized parties would do so for as little as between $500 and $1,000.  In addition, respondents from provider organizations were significantly more likely than those in payer organizations to say they would sell confidential data (21 percent vs. 12 percent). This includes selling login credentials, installing tracking software and downloading data to a portable drive, among other actions.
The survey also found that health employees’ willingness to sell confidential data is not just hypothetical: roughly one-quarter (24 percent) of the respondents said they know of someone in their organization who has sold their credentials or access to an unauthorized outsider. These actions contribute to the vast impact of cybercrime that health organizations spent an estimated US$12.5 million each, on average, addressing in 2017.
“Health organizations are in the throes of a cyber war that is being undermined by their own workforce,” said John Schoew, who leads Accenture’s Health & Public Service Security practice in North America. “With sensitive data a part of the job for millions of health workers, organizations must foster a cyber culture that addresses these deeply rooted issues so that employees become part of the fight, not a weak link.”

While nearly all (99 percent) of the respondents said they feel responsible for the security of data, their behavior suggests that organizations cannot rely solely on employees to safeguard data, as evidenced by the 21 percent who said they keep their user name and password written down next to their computer. Ironically, nearly all (97 percent) of the respondents said they understand their organization’s explanation of data security and privacy.

In addition, while nearly nine in 10 (88 percent) respondents said that their organization provides security training – with such training mostly mandatory – the findings suggest that training is not an absolute deterrent. Of those who receive security training, 17 percent said they still write down their user name and passwords, and 19 percent said they would be willing to sell confidential data. Surprisingly, those numbers increase for those who receive frequent training: of the employees who receive quarterly training, 24 percent said they write down their user names and passwords and 28 percent said they are willing to sell confidential data. This suggests that it’s the quality, not the frequency or quantity, of training that matters. 
“Employees have a key role in the healthcare industry’s battle with cyber criminals,” Schoew said. “As payers and providers invest in digital to transform productivity, cut costs and improve quality, they need a multi-pronged approach to data security that involves consistent and relevant training, multiple security techniques to protect data and continuous monitoring for anomalous behavior.”

For additional information on “LOSING THE CYBERSECURITY CULTURE WAR” click on the link https://goo.gl/TnsBW7.


To better understand healthcare organization employee attitudes and behaviors related to cybersecurity practices, Accenture surveyed 912 qualified employees of health providers (601) and payer organizations (311) from the United States and Canada. All respondents had access to digital health data including personally identifiable information, payment card information and protected health data. The online survey was conducted in November 2017.

Accenture Email to a colleague | Add to MY ITP

terms & conditions