Although 20% of registered nurses recently surveyed said their facilities have experienced a breach of private patient data, it hasn’t shaken their confidence in their organizations. The online poll found that nearly half of the RNs were “very confident” in their organization’s ability to protect patient data against potential theft.
The survey, conducted by Harris Poll on behalf of the University of Phoenix College of Health Professions, included 250 RNs who work full-time in healthcare and have been in their position for at least two years.
Despite an increase in data breaches across the industry, the survey found that only a quarter of RNs say they have seen changes in the way their organizations handle data security and patient privacy over the past year.
And when asked where they have seen the most changes occur in the industry over the last year, including quality of care, safety, digital health records, prevention and population health, only 25% cited data security and privacy.
“Healthcare organizations are extremely susceptible to human error. If one employee accidentally invites malicious malware into a system, the impact can be catastrophic. To limit the amount of breaches, cybersecurity governance must improve,” Dennis Bonilla, executive dean for the College of Information Systems and Technology at University of Phoenix, said in the survey announcement. “Without improved training and robust cybersecurity response plans incorporated into information technology strategies, the healthcare industry will continue to bear the brunt of these attacks.”
Cybercriminals have targeted the healthcare industry because hospitals and health systems are so reliant on technology and have vast amounts of available patient data. In 2017, the healthcare industry experienced 374 breaches involving more than 5 million records, according to a report (PDF) compiled by the Identify Theft Resource Center. The breaches come at a hefty price. Organizations spend an average of $380 per impacted record, according to IBM’s 2017 Cost of Data Breach Study, costing the industry approximately $1.9 billion.
The survey findings illustrate the need for healthcare organizations to provide better and more frequent training of staff. However, recent research from Black Book indicates that 84% of provider organizations don’t have a reliable leader for enterprise cybersecurity, and only 11% say they plan to fill a cybersecurity leadership position in 2018. Without proper cybersecurity teams in place, the onus to protect health systems falls on healthcare professionals, many of whom are often unaware of how to identify threats and avoid breaches, University of Phoenix officials said in the announcement.
The nurses surveyed agreed. Twenty-three percent said that more support and training is needed to ensure healthcare privacy and security. They said their organizations are taking the following steps to protect patient data:
- Updating privacy and access policies (67%)
- Role-based access (59%)
- Data surveillance (56%)