Healthcare Workers Agree Data Security Is Their Responsibility, But Survey Shows Massive Gaps in Practice
Only 39% of healthcare workers check security protocols before trying a new tool or technology, as almost a quarter think that generative AI is safe to use at work
A new Salesforce survey of over 400 healthcare workers reveals that while the majority (76%) agree that keeping data safe is their responsibility, it appears they are not consistently implementing cybersecurity best practices.
This may be of concern in a sector that collects highly sensitive data. Over half (57%) of healthcare workers report their job has become more digitized in the last two years, indicating that an even larger amount of data needs protection.
Over half (57%) of healthcare workers report their job has become more digitized in the last two years, indicating that an even larger amount of data needs protection.
Despite the important task of protecting patient data, and healthcare being the third-most cyber attacked industry in 2022, nearly a quarter (22%) of survey respondents say that security protocols are not strictly enforced in their organization. And, nearly one in three (31%) don’t know what to do in the event of a breach.
Salesforce’s New Era of Data Stewardship in Healthcare survey uncovers potential security gaps among healthcare workers today, and highlights the need for trusted technologies to support workers as they protect patient data.
Healthcare workers are on the front lines of keeping patient data safe — but are not always enabled with adequate training
Healthcare workers are responsible for patient care, and that includes their data. While organizations recognize the importance of a security-first culture, the reality on the ground shows that existing trainings and tools could be improved:
- Over two-thirds (67%) of healthcare workers say they have a security-first culture, but less than a third (31%) say they are very familiar with company security processes and protocols.
- Forty-three percent say they personally don’t have to worry about security at work.
- Most (70%) say they have the training needed to keep data secure. However, only 54% find security training to be efficient, and almost one in five (19%) say that their security training is not relevant to their job.
Healthcare workers consider their devices to be safe, which can contribute to risk
Security training has also netted low results when it comes to technology, and especially, personal devices. The research shows that healthcare workers are blending personal and corporate devices for work:
- Only 40% of healthcare workers consider their connected devices (e.g., mobile phone, laptops) to be a cybersecurity risk.
- More than half (61%) assume if they can access something on their work device, it must be safe.
- One in three (33%) healthcare workers use the same passwords for personal and work-related logins.
- Almost half (46%) have accessed work documents or systems from their personal device.
- Almost half (48%) agree that their personal devices are as secure as their work devices.
Almost three-quarters (74%) of respondents say their company has the tools needed to keep data secure. However:
- Less than half (39%) of healthcare workers use multi-factor authentication every time.
- One in four (25%) have accidentally clicked on a suspicious link at work.
- Almost one in five (19%) never use VPN for online work.
- Under half (42%) flag phishing emails every time to the security team when they receive them.
Generative AI experimentation may present new cyber risks
As organizations explore the use of generative AI, new security implications can arise, especially in industries like healthcare with sensitive patient information. The survey reveals that healthcare workers are experimenting with new technologies like generative AI, sometimes at the expense of security:
- Only 39% of healthcare workers check security protocols before trying a new tool or technology.
- Almost a quarter (23%) think that generative AI is safe to use at work, and 15% have already experimented with generative AI, like ChatGPT or DALL-E, for work.
- Just 55% feel their security policies keep up with new tools and technologies.
“As more patient data is stored and transmitted digitally, cybersecurity risks will continue to evolve. And they become more complex as new technologies like generative AI enter the fold,” said Sean Kennedy, VP & GM, Global Health Strategy & Solutions, Salesforce. “Healthcare workers play a critical part in keeping patient data safe. Organizations can empower their workforce by fostering a strong security-first culture that emphasizes the importance of security at all levels and enables them with secure digital tools.”
- Learn about Customer 360 for Health innovations announced at HIMSS here
- Learn more about Salesforce Customer 360 for Health here
- Review findings from the Generative AI in IT survey, which uncovers opportunities and barriers like security to generative AI adoption
- Learn more about the digital skills gap, including the need for cybersecurity skills, and how companies can narrow it
Data from Salesforce’s New Era in Data Stewardship is based on a survey of 1,230 full-time employees within automotive (400 respondents), government (412 respondents), and healthcare (418 respondents) across the U.S. The survey was conducted in partnership with YouGov in March 2023.