Professional Documents
Culture Documents
Creative Based Inquiry Paper 2
Creative Based Inquiry Paper 2
Doctor Said
2 November 2021
Statement of Problem
How would you feel if your personal medical history was being sold on the black
market? This can be a daunting thought when you realize how much information, like your social
security number and credit cards, is kept inside these databases that are constantly at risk of
being hacked. Hackers are interested in getting ahold of your Personal Health Information (PHI)
which can be sold for 350 times more than the price of credit card information, making
healthcare databases particularly prized targets (Sager). Weak passwords, malware, and a lack of
education among companies are leading to healthcare practices being unable to operate and the
loss of trust from patients. Some possible solutions to this problem include multi-step
verification methods and implementing encryption into software. However, most data security
issues are caused by human error. To solve the problem of data breaches in the healthcare
industry, individual practices should implement employee security awareness training because
employees will have the knowledge of how to properly protect their data, patients will have more
confidence in the company, and the success of the program will be measurable.
Proposed Solution
Employee security awareness training consists of programs that inform employers and
employees of potential security risks and how they can successfully combat them. While this
may sound like a painful learning experience, some companies have included videos and
interactive slides within their modules that range from 5-10 minutes in length. According to
Tissian, a security firm, younger workers are five times more likely to make detrimental security
mistakes (Becerra). Employers should make sure employees complete security safety modules
soon after they begin working to build their knowledge of popular hacking tactics, and what they
typically look like as they start to encounter them. Additionally, companies should routinely
implement the modules throughout the year to make sure employees are always staying alert and
aware of proper precautions. Companies should undergo this training during the work day and in
the place of work to ensure employees are engaged and practicing these measures in the manner
they would encounter them at work. There is not much progress being made if the employees do
not use the skills they are taught in the modules practically and in the setting they will later face
Justification
One reason employee security awareness training is the best solution to data breaches in
the healthcare industry is that employees will have the knowledge of how to properly protect
their data. According to a study done by Stanford University Professor Jeff Hancock and security
firm Tessian, 88% of data breaches are caused by human error (Psychology of Human Error'
Could Help Businesses Prevent Security Breaches) which emphasizes that employees are at the
forefront of data security. In a personal interview with Brigitte Tobola, a cyber security
consultant for the National Institute of Health, she stated, “I have worked with many employees
whom have said awareness training has helped them in securing their data and making far less
mistakes” (Tobola). It is imperative that they know how to recognize tactics like phishing and
malware, as well as be wary of mistakes made when they are tired like sending an email to the
wrong person. Employee security awareness training can stress the importance of making
security a habit rather than a hassle. The implementation of this system will benefit your
Another reason employee security awareness training is the best solution to data breaches
in the healthcare industry is that patients will have more confidence in the company. With so
much competition in the healthcare industry, a strong security system will set a business apart
from the rest. In her interview, Brigitte Tobola stated “Practices, especially smaller ones, get
their patients through referrals” (Tobola). You will want your patients to know that you are
secure and trustworthy. You can also use the implementation of this program as a marketing
point. Customers’ confidence in a company is the most competitive point between businesses
(Burt). Patients should not have to worry about more than getting back to being healthy.
A third reason employee security awareness training is the best solution to data breaches
in the healthcare industry is that the progress is measurable. Companies will be able to monitor
the employees’ progress of the modules as well as the program’s success rate. Most programs
send out simulation emails to see if employees use the skills they have been taught (Becerra).
Measurability is important in an effective solution because then it can be altered and tailored to
match a company's specific needs or focus on a defined weak point based on the security
The first major consideration that comes to mind is money. Not only does the training
cost money to put on with the teachers, location, and curriculum, but when you add on the
revenue lost during training time it can seem steep. These programs can range from $250 to
$1650 and up depending on how many employees are being put through the program (Becerra).
What can help alleviate the shock of those numbers is looking at them next to the financial
damage that security breaches can reap on medical companies. The average data breach costs
around $200,000, depending on the size of the company and the amount of data lost (Stika). This
cost does not take into account the legal fees, let alone the damage of reputation a company can
face. As one can see the monetary cost of training seems big at first but when compared to the
costs it is saving, it pales in comparison and seems like a clear decision. This figure does not take
into account the new customers that will be brought in if stronger security measures are
implemented. Most new business in the sector comes by word of mouth; if a firm is known to
have secure databases and informed staff they will surely gain popularity.
Another limitation companies in the healthcare industry might face is a lack of time to
implement the modules. You might think the revenue lost during the time these programs are
being implemented will be detrimental, but the benefits will pay for the lost time. According to
Pensar, Security-related risks are reduced by 70% when businesses invest in cybersecurity
training and awareness (Williams). A data breach is not something you should risk when dealing
with your company and the safety of your patients. Once these programs are implemented the
fear of a data breach occurring will be eliminated and healthcare workers will be able to focus on
Conclusion
You may be thinking “What’re my next steps now?” The first step would be researching
credible cyber security companies that offer training for employees. The things that should be
considered are success rate, cost of program, and the duration of the program. Finding a
company that is the right balance for your employees will be important; you do not want to take
too much time away from your employees’ doing their job. You will also want to research what
aspects of cyber security are taught and if they keep up to date with the latest hacking techniques
and patterns. Incorporating cyber security awareness training will not eliminate cyber attacks
completely, but it is the step we need to a more secure and safe world.
Table 4 shows the total number of healthcare data breaches and the total number of individuals
Becerra, Xavier. "Security Awareness and Training." HHS.gov, US Department of Health and
Burt, Andrew. "Cybersecurity Is Putting Customer Trust at the Center of Competition." Harvard
"'Psychology of Human Error' Could Help Businesses Prevent Security Breaches." CISOMAG,
Sager, Tony. "Cyber Attacks: In the Healthcare Sector." Center for Internet Security, 7 Feb.
2021.
Seh, Adil Hussain et al. “Healthcare Data Breaches: Insights and Implications.” Healthcare
Stika, Nicole. "5 Ways to Drive Energy Efficiency at Your Business in 2016." Greater
Business/Operations/5-ways-to-drive-energy-efficiency-at-your-business-in-2016.