Employee error has long been acknowledged to be one of the main causes of healthcare security breaches. Still, a recent report by Kaspersky revealed that approximately one in four healthcare employees, ranging from doctors to admin staff, have never received cybersecurity training. Moreover, 11% of those who did receive training said that it only happened once during the onboarding process.
While most cybersecurity agencies are quick to offer products as solutions, they often forget that successful implementation is heavily dependent on employee education and training. Below is a list of six organizations that offer cybersecurity training for employees in the US:
AT&T provides cutting-edge cybersecurity solutions for businesses of any size. It recognizes the importance of securing the human element in any organization. AT&T offers Cybersecurity IQ Training, which is made up of 18 video lessons and quizzes. The lessons educate employees on HIPAA protocols, how each individual's actions can have collective detrimental consequences on the entire organization, what constitutes an acceptable use of a system, password security and a wide range of other relevant issues.
Barracuda is a cybersecurity organization that specializes in email, application, data and cloud protection. Its training program, Barracuda PhishLine, aims to transform employees from potential threat actors into lines of defense. It trains employees in protecting themselves and their organizations against various forms of phishing including email threats, smishing (SMS phishing) and vishing (Voicemail phishing). It also educates them on how to protect physical media such as USBs or hard drives. Barracuda's training keeps employees engaged by gamifying the learning process and offers additional training materials for further education.
Clearwater Compliance provides cyber risk management solutions including HIPAA workforce training, turning unsuspecting employees into defense assets that play a role in safeguarding data. This is done through a web-based program divided into modules on HIPAA compliance for covered entities, business associates and hybrid entities, as well as overall security awareness. Clearwater describes this program as thorough, affordable and effective.
HITRUST promotes frameworks, methodologies and programs that focus on protecting sensitive data, risk management and compliance. It launched HITRUST Academy® to help organizations understand and implement the HITRUST CSF, a comprehensive framework that unites various laws and guidelines such as HIPAA and NIST under a single approach. The courses it offers educate security professionals on compliance, risk management and data protection.
Sensato offers healthcare entities advanced cybersecurity solutions and protection that meet HIPAA requirements and NIST guidance. Moreover, it offers tactical training and drills to organizations so that employees can gain experience in prevention, defense and incident response. Trainers conducting the program are specialized in cybercriminal tactics and offer their knowledge and experience to the IT teams they train.
Systems Engineering offers seamless and secure technology solutions and focuses on managed IT, security and cloud computing. Its Security Awareness Training is offered to organization employees to better prepare them for potential threats. Though the program is offered online, it is interactive and trains users via simulated attacks.