Those who said they were willing to sell the data would do so for as little as between $500 and $1,000.
Accenture surveyed 912 qualified employees of health providers (601) and payer organizations (311) from the United States and Canada. All the respondents had access to digital health data, including personally identifiable information, payment card information, and protected health data.
The recent survey , “Losing the Cyber Culture War in Healthcare,” of healthcare employees found that respondents from provider organizations were significantly more likely than those in payer organizations to say they would sell confidential data (21% vs. 12%).
This includes selling login credentials, installing tracking software, and downloading data to a portable drive, among other actions.
In addition, health employees’ willingness to sell confidential data is not just hypothetical: 24% of the respondents said they actually know of someone in their organization who has sold their credentials or access to an unauthorized outsider.
In contrast, 88% of consumers in a separate Accenture survey said they trust their physicians or other healthcare providers to keep digital healthcare data secure.
Read about the r4port in HealthLeaders Media
Read “7 Survey Insights” in Becker’s Hospital Review :
1. About 18 percent of respondents said they would be willing to sell confidential data — such as login credentials, installing tracking software and downloading data to a portable drive — to unauthorized parties for as little as $500 to $1,000.
2. About 24 percent of respondents said they knew of someone in their organization who sold credentials or access to an unauthorized outsider.
3. Respondents from provider organizations (21 percent) were more likely than those in payer organizations (12 percent) to say they would sell confidential data.
4. Almost all (99 percent) of respondents said they feel responsible for data security.
5. Even though 97 percent of respondents claim they understand their organization’s data security and privacy standards, 21 percent keep their username and password written down next to their computer.
6. About one in six respondents were unaware of cybersecurity training at their organization, and 29 percent of respondents who receive training only do so once.
7. Of those who receive security training, 17 percent said they still write down their usernames and passwords, and 19 percent said they would be willing to sell confidential data. However, those numbers increase for those who receive frequent training — of the employees who receive quarterly training, 24 percent said they write down their usernames and passwords and 28 percent said they are willing to sell confidential data.
Accenture Managing Director John Schoew, who leads the Health and Public Service Security practice in North America Said:
Health organizations are in the throes of a cyber war that is being undermined by their own workforce. With sensitive data a part of the job for millions of health workers, organizations must foster a cyber culture that addresses these deeply rooted issues so that employees become part of the fight, not a weak link.