Some Health Employees Willing to Sell Confidential Data, Survey Finds | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Some Health Employees Willing to Sell Confidential Data, Survey Finds

March 1, 2018
by Rajiv Leventhal
| Reprints

Nearly one in five health employees (18 percent) said they would be willing to sell confidential data to unauthorized parties, according to a new survey from consulting and services company Accenture.

The survey, of 912 employees of provider and payer organizations in the U.S. and Canada, found that the 18 percent of respondents willing to sell confidential data to unauthorized parties would do so for as little as between $500 and $1,000.  In addition, respondents from provider organizations were significantly more likely than those in payer organizations to say they would sell confidential data (21 percent vs. 12 percent). This includes selling login credentials, installing tracking software and downloading data to a portable drive, among other actions.

The survey also found that health employees’ willingness to sell confidential data is more than just hypothetical: roughly one-quarter (24 percent) of the respondents said they know of someone in their organization who has sold their credentials or access to an unauthorized outsider. These actions contribute to the vast impact of cybercrime that health organizations spent an estimated $12.5 million each, on average, addressing in 2017.

According to data from the Ponemon Institute, the cost per leaked record in the healthcare sector has once again risen, from $369 in 2016 to $380 in 2017.

“Health organizations are in the throes of a cyber war that is being undermined by their own workforce,” John Schoew, who leads Accenture’s health and public service security practice in North America, said in a statement. “With sensitive data a part of the job for millions of health workers, organizations must foster a cyber culture that addresses these deeply rooted issues so that employees become part of the fight, not a weak link.”

While nearly all (99 percent) of the respondents said they feel responsible for the security of data, their behavior suggests that organizations cannot rely solely on employees to safeguard data, as evidenced by the 21 percent who said they keep their user name and password written down next to their computer. Ironically, nearly all (97 percent) of the respondents said they understand their organization’s explanation of data security and privacy.

What’s more, while nearly nine in 10 (88 percent) respondents said that their organization provides security training—with such training mostly mandatory—the findings suggest that training is not an absolute deterrent. Of those who receive security training, 17 percent said they still write down their user name and passwords, and 19 percent said they would be willing to sell confidential data.

Surprisingly, those numbers increase for those who receive frequent training: of the employees who receive quarterly training, 24 percent said they write down their user names and passwords and 28 percent said they are willing to sell confidential data. This suggests that it’s the quality, not the frequency or quantity, of training that matters, Accenture officials noted.

“Employees have a key role in the healthcare industry’s battle with cyber criminals,” Schoew added. “As payers and providers invest in digital to transform productivity, cut costs and improve quality, they need a multi-pronged approach to data security that involves consistent and relevant training, multiple security techniques to protect data and continuous monitoring for anomalous behavior.”

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



MGMA: Physician Compensation Data Illustrates Nationwide PCP Shortage

Primary care physicians’ compensation rose by more than 10 percent over the past five years, representing an increase which is nearly double that of specialty physicians’ compensation over the same period, according to the Medical Group Management Association (MGMA).

Circulation, Buoy Health Collaborate on Integrated Platform for Patient Transportation

Boston-based startup Circulation Health, a ride-ordering exchange that coordinates medical transportation logistics using Lyft and other transportation partners, is partnering with Buoy Health, also based in Boston, to integrate their platforms to provide patients with an end-to-end healthcare experience.

HITRUST Provides NIST Cybersecurity Framework Certification

The Health Information Trust Alliance (HITRUST), security and privacy standards development and accreditation organization, announced this week a certification program for the National Institute of Standards and Technology's (NIST) Cybersecurity Framework (Framework).

Report: Interoperability in NHS England Faces Similar Barriers as U.S. Healthcare

Electronic patient record interoperability in NHS England is benefiting patient care, but interoperability efforts are facing barriers, including limited data sharing and cumbersome processes falling outside of the clinician workflow, according to a KLAS Research report.

Geisinger National Precision Health Hires Illumina Exec to Lead Business Development

Integrated health system Geisinger has hired a high-profile genetic counselor to head up business development for Geisinger National Precision Health, which was created to extend the Geisinger model on the national scene.

$30M VC Fund Launched to Spur Innovation in Cardiovascular Care

The American Heart Association, together with Philips and UPMC, has announced the launch of Cardeation Capital, a $30 million collaborative venture capital fund designed to spur healthcare innovation in heart disease and stroke care.