More than 50 percent of small, medium and large healthcare organizations have implemented unannounced email phishing exercises to train their employees, according to a recent KLAS and College of Healthcare Information Management Executives report.
For its "How Aligned are Provider Organizations with the Health Industry Cybersecurity Practices Guidelines?" report, KLAS analyzed results of CHIME's 2018 Healthcare's Most Wired survey. Survey responses included more than 600 healthcare organizations, which were asked about their adoption of cybersecurity recommendations made by an HHS task group.
Because email is the most common attack vendor that puts healthcare organizations at risk of cyberattack, the HHS task group recommends practicing monthly phishing simulations to enhance employees' cybersecurity hygiene, the report states.
For the report, healthcare organizations were split up into the following sizes: Small (1-50 beds), medium (51-300 beds) and large (more than 300 beds).
Here is the frequency of phishing exercises completed by the healthcare organizations analyzed in the report:
Small:
· Unannounced: 59 percent.
· Quarterly: 11 percent.
· Annually: 14 percent.
· Once every 2 years or less: 5 percent.
· Never: 11 percent.
Medium:
· Unannounced: 52 percent.
· Quarterly: 20 percent.
· Annually: 12 percent.
· Once every 2 years or less: 6 percent.
· Never: 11 percent.
Large:
· Unannounced: 53 percent.
· Quarterly: 25 percent.
· Annually: 14 percent.
· Once every 2 years or less: 3 percent.
· Never: 5 percent.
To access the full report, click here.