Nearly one in five employees in the healthcare field said they're willing to sell confidential data like login credentials to unauthorized parties, a new survey from Accenture claims. Nearly one quarter of the survey's respondents said they know someone in their organization who has sold their credentials or access to an unauthorized outsider.
The study also found some employees will sell data for cheap:
The survey, of 912 employees of provider and payer organizations in the United States and Canada, found that the 18 percent of respondents willing to sell confidential data to unauthorized parties would do so for as little as between $500 and $1,000. In addition, respondents from provider organizations were significantly more likely than those in payer organizations to say they would sell confidential data (21 percent vs. 12 percent). This includes selling login credentials, installing tracking software and downloading data to a portable drive, among other actions.
"Employees have a key role in the healthcare industry's battle with cyber criminals," John Schoew, leader of Accenture's Health & Public Service Security practice in North America, said. "As payers and providers invest in digital to transform productivity, cut costs and improve quality, they need a multi-pronged approach to data security that involves consistent and relevant training, multiple security techniques to protect data and continuous monitoring for anomalous behavior."
Other key points from the survey:
- 99 percent of respondents feel responsible for the security of data.
- 21 percent keep their user name and password written down next to their computer.
- 88 percent said their organization provides security training.
- For respondents who received training, 19 percent said they would sell confidential data.
Accenture conducted its online survey with 912 qualified employees of health providers (601) and payer organizations (311) from the US and Canada.