AI exacerbates cyber security worries in healthcare sector
New research conducted by e2e-assure indicates a significant concern among healthcare organisations regarding employee engagement in cyber security training and the impact of emerging technologies like AI on cyber defences.
The study revealed that a substantial 76% of cyber risk owners within the healthcare sector believe that most cyber attacks result from insufficient employee diligence. Further, over 28% of employees in the sector admitted to being disengaged from the training provided by their employers.
AI technologies are contributing to the apprehension, with 72% of healthcare organisations expressing concern over the threats posed by these advancements. Although 88% of healthcare cyber risk owners express confidence in their AI-related policies, a notable 50% of healthcare workers remain either unsure whether such policies exist or unaware of their specifics.
The integration of AI tools such as ChatGPT and Copilot into regular operations is prevalent, with 41% of healthcare workers accessing these technologies at least weekly. Simultaneously, 41% of the workforce report having been victims of cyber attacks, highlighting a disconnect between the presence of AI policies and worker awareness and understanding.
The issue of training efficacy comes into sharper focus with 52% of workers describing their engagement in cyber training as "somewhat engaged" and 28% as "not engaged" at all. The correlation between these engagement levels and the belief held by 76% of cyber risk owners that employee negligence is a primary attack vector underscores the need for effective training.
Recent cyber events, including a ransomware attack on Synnovis impacting London hospitals, accentuate the risks faced by the sector. 27% of healthcare employees reported receiving both training and discipline upon contributing to a breach, while 25% attended only training sessions as a consequence. Worryingly, 32% of employees were unsure of the repercussions for such breaches.
Data from the research highlights a misalignment between the types of training provided and what employees find engaging or beneficial. Only 38% of healthcare employees have access to real-life scenario training, compared to the 82% who believe such methods would enhance engagement.
Rob Demain, Founder and CEO of e2e-assure, shared insights on the sector's challenges, stating: "Our research paints a picture of a sector under immense pressure as cyber attackers advance their threat tactics and open AI tooling gradually cements its way into everyday operations." He added, "This sector's reactive approach to cyber defence and employee training is serving to disengage employees and increase cyber risk. To achieve the resilience cyber risk owners desire, a proactive approach to cyber security must instead be taken and training tailored to employee needs."
The study outlined four recommendations aimed at enhancing cyber resilience: tailoring training programs to better engage employees, fostering a security-aware work culture, deploying automation to minimise human error, and ensuring appropriate providers are utilised.