In 2020, the number of cyberattacks against healthcare organizations doubled, compromising the health data of over 26 million Americans.
Ransomware attacks accounted for 28% of these breaches. As a result, patients and healthcare providers faced significant challenges, like inaccessible medical records, delayed treatments, and even rerouting of ambulances in emergency situations. (1)
Employees are Weakest Link in Cybersecurity Chain
As it stands now, current methods of training employees in cybersecurity practices are flawed.
If training even occurs, it’s often only once or twice a year. Employees receive an “information dump” and are expected to retain what they’ve learned. But science shows that there is a forgetting curve when information is taught like that, resulting in only 20% of the information being retained after 30 days without reinforcement. (2)
Research suggests that up to 90% of data breaches occur as a result of employee error. (3) Despite HIPAA requirements, 1 in every 4 healthcare employees never receives cybersecurity training, and 1 in 5 don’t see a reason to learn about common cybersecurity issues—such as password length and complexity, general privacy, WiFi weaknesses, and phishing—at work. (4)
In many cases, employees simply don’t understand why companies need strong security processes, even though more employees have access to networks and critical digital systems than ever before. This lack of understanding, having to integrate inconvenient new security protocols, and general resistance to change all factor into employees’ unwillingness to adopt new strategies to protect information. (5)
“Personal information is at risk from criminals trying to collect healthcare data. Educating and empowering employees to share in the responsibility of protecting healthcare organizations is the most effective way to stop them.” – Heather Stratford, Founder and CEO, Drip7
After recognizing the need for better cybersecurity training, Stratford’s team of developers and HIPAA experts worked with a large healthcare system with 11 hospitals and 20,000 employees to develop Drip7, a suite of technical and security-focused training areas designed to increase employee awareness and strengthen cyber practices.
How Drip7 Changes Cybersecurity Training
Drip7 helps all employees, from physicians to administrative staff, change their cyber behaviors for good with gamified training. These micro-learning units engage employees with different rewards systems and team events and may be accessed anytime, anywhere.
Technologies like Drip7 differ from traditional training methods with small, customizable daily training sessions designed to develop employee skills and promote information retention. This gives everyone a leg up on criminals who may target them for cyberattacks.
These training sessions are short and to the point, allowing employees to complete exercises more consistently than with other learning methods. And research shows that less is more—perceptual learning to improve task performance is more effective using short training sessions compared to longer lessons. (6)
“Protecting sensitive healthcare data starts when organizations recognize their own vulnerability and take steps to mitigate it. Our solution, which trains employees on common scams, methods to protect themselves, and what they should do in the event of a cyberattack, is key to achieving secure, protected data systems.” – Heather Stratford
Heather Stratford can speak to the following:
- How the increase in cyberattacks has made healthcare organizations’ protected health information more vulnerable and disrupted normal operations.
- How HIPAA’s lack of policies directing healthcare cybersecurity and privacy practices puts patients and employees at risk.
- How employee error contributes to cybersecurity breaches.
- The need for engaging, comprehensive cybersecurity training in healthcare facilities.
- How comprehensive cybersecurity training boosts employee accountability and empowers them to help protect their workplace.
Drip7 is the brainchild of cybersecurity expert and Stronger International Founder and CEO Heather Stratford, developed after a client wanted to fix a specific problem: empowering the weakest link—the human—to be better at cybersecurity. With its first few clients (a large educational institution, hospital system, and government agency), Drip7 is proving its usefulness in changing the old system of training and information retention in any workforce. Stratford explains: “Drip7 is a micro-learning platform that is reinventing the way organizations train their employees and build lasting cultural change within them, especially in today’s age of remote workforces.” For more information, visit drip7.com and stronger.tech.
1. Davis, Jessica. “560 Healthcare Providers Fell Victim to Ransomware Attacks in 2020.” HealthITSecurity, 19 Jan. 2021, healthitsecurity.com/news/560-healthcare-providers-fell-victim-to-ransomware-attacks-in-2020.
2. Denny, Juliette. “What Is The Forgetting Curve (And How Do You Combat It)?” eLearning Industry, 17 Apr. 2018, elearningindustry.com/forgetting-curve-combat.
3. Spadafora, Anthony. “90 Percent of Data Breaches Are Caused by Human Error.” TechRadar, TechRadar Pro, 8 May 2019, techradar.com/news/90-percent-of-data-breaches-are-caused-by-human-error.
4. Chapple, Mike. “Why All Healthcare Workers Need Cybersecurity Training.” HealthTech, 1 May 2019, healthtechmagazine.net/article/2019/10/why-all-healthcare-workers-need-cybersecurity-training.
5. Alton, Larry. “How to Get Your Employees to Care About Cybersecurity.” ISACA, 22 Apr. 2019, isaca.org/resources/news-and-trends/isaca-now-blog/2019/how-to-get-your-employees-to-care-about-cybersecurity.
6. Molloy, Katharine, et al. “Less Is More: Latent Learning Is Maximized by Shorter Training Sessions in Auditory Perceptual Learning.” PloS One, Public Library of Science, 2012, ncbi.nlm.nih.gov/pmc/articles/PMC3351401/.