A majority (76 per cent) of cyber risk owners in healthcare think that most cyber attacks come through a lack of employee diligence while a quarter (28pc) of healthcare employees admit they are disengaged in the training offered by their company. These are among findings from a survey by Censuswide, on behalf of the cyber threat detection company e2e-assure, of 159 cyber risk owners and employees from within healthcare companies.
A majority (72pc) of healthcare organisations said they are concerned about the rise of new technologies such as AI and the threat they could pose to their organisation. Most cyber risk owners in healthcare (86 per cent) say they’ve worked at an organisation that has experienced a cyber attack, up from 77pc last year.
Comparing this year’s findings to e2e-assure’s 2023 research, about half of these cyber risk owners say resilience is now at the top of their agenda (49pc), up from 36pc last year. The firm suggests however that AI could be about to unravel the years of hard work already spent building it.
While 88pc of these cyber risk owners are confident in their AI policies, half of healthcare workers are either unsure as to whether their organisation even has AI policies in place (32pc) or are unaware of what they are (18pc). Some 41pc of healthcare workers say that they are using ChatGPT or Copilot at least once per week, and 41pc say they have been a victim of a cyber attack at work.
Given that employees are often the first line of defence against cyber criminals, education and training are integral for healthcare in mitigating the potential impact of breaches, but the research points to a lack of engagement in the training provided, e2e-assure adds. Half (52pc) of workers said they are only ‘somewhat engaged’ and over a quarter (28pc) are ‘not engaged’ at all. Most cyber risk owners in healthcare (76pc) agree most attacks are due to lack of employee diligence.
Among cyber attacks over 2024, the ransomware attack on pathology supplier, Synnovis, led to the cancellation and postponement of operations across London hospitals.
When healthcare employees were asked about the consequences of falling for a cyber attack, a quarter (27pc) said they receive training and a disciplinary if they cause another breach and a quarter (25pc) said they are required to just attend training. However, nearly a third (32pc) of healthcare employees don’t actually know what the associated consequences would be if they caused a cyber breach. Healthcare employees are not receiving the style of training that resonates with them, the firm suggests. Employees in this sector are less likely to receive real-life scenario training (38pc), despite a majority (82pc) of workers stating they would be more engaged if they did.
Rob Demain, Founder and CEO at e2e-assure, said: “Our research paints a picture of a sector under immense pressure as cyber attackers advance their threat tactics and open AI tooling gradually cements its way into everyday operations. This sector’s reactive approach to cyber defence and employee training is serving to disengage employees and increase cyber risk. To achieve the resilience cyber risk owners desire, a proactive approach to cyber security must instead be taken and training tailored to employee needs.”




