Doctors warn online appointments are leaking sensitive data
Today's cybersecurity training is ineffective for many doctors, Kaspersky claims
For many doctors and clinicians, being able to conduct consultations remotely has been a literal lifesaver. However, many of them are also clumsy and often compromise customer personal information during these sessions.
A new report from Kaspersky has found cybersecurity training doesn’t really work as intended for many medical professionals, with almost a third (30%) of healthcare providers experiencing ncidents in which employees compromise sensitive data during online consultations, putting their customers at risk of identity theft.
For almost half of the respondents, this is due to clinicians not clearly understanding how patient data is protected.
Hospitals after more data
At the same time, almost two-thirds (60%) of medical organizations have dedicated IT security awareness training. For Kaspersky, this means that these sessions “don’t correspond to reality”, and fail to cover the most useful topics.
One of the ways clinicians risk getting sensitive data exposed is by using software that wasn’t vetted by the IT security team, on their endpoints. Apps such as FaceTime, Facebook Messenger, WhatsApp, Zoom, and similar, are often being used without getting the green light.
This won’t stop healthcare institutions from amassing even bigger piles of data. In fact, they believe they need more of it, to be able to train Artificial Intelligence (AI) tools, and with those - ensure a more reliable diagnosis.
To minimize the risk of such incidents, and to provide a new perspective for the industry, healthcare institutions need to “adjust their cybersecurity policy” to make it more relevant to the day and age we live in, Kaspersky concludes. That includes “clear guidelines on using external services and resources, a thoughtful access policy for corporate assets, and a robust password policy”.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
The most important part is - to implement these things in practice, and supplement them with comprehensive security training.
“The more complex and critical technology is, the more awareness it requires from people who work with it,” commented Denis Barinov, Head of Kaspersky Academy.
“This is particularly important for the healthcare industry entering the new digital stage and increasingly facing issues connected to privacy and security. But it's not only about awareness - for any security training to be effective, it should not only deliver up-to-date information but also inspire and motivate people to behave safely in practice.”
- You might also want to check out our list of the best firewalls right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.