Healthcare IT staff often assume they know what they’re doing when it comes to data security, and all the other employees are likely to create a data breach by falling for an online phishing scam or other hacking attempt. But a recent report suggests IT staff can make big mistakes, too.

One-quarter of IT workers admitted to falling for a phishing scam, compared to 21% of office workers and 34% of business owners and high-execs, according to a recent survey by Intermedia, a company providing data protection. Intermedia surveyed more than 1,000 full-time workers and asked questions about data security and the behaviors that can lead to data breaches, malware, and ransomware attacks. (The report is available online at

Another disconcerting finding was that 14% of office workers either lacked confidence in their ability to detect phishing attacks, or were not aware what phishing is.

Confidence in the ability to detect phishing scams generally was high among office workers, with 86% believing they could identify phishing emails, although knowledge of ransomware was found to be lacking, especially among female workers. Forty percent of female workers did not know what ransomware was, compared to 28% of male workers. Thirty-one percent of respondents said they did not know what ransomware was prior to taking part in staff training sessions. The report includes these other findings:

  • Thirty percent of office workers said they did not receive regular training on how to deal with cyber threats. Only 70% of companies provide regular training and threat information to employees, and 11% of companies offered no security training whatsoever.
  • Many employees are so embarrassed and concerned about installing ransomware that they pay the ransom demand out of their own pocket. Out of the office workers who had experienced a ransomware attack, 59% personally paid the ransom and the average ransom payment was $1,400. The ransom typically was paid quickly in the hope that data could be restored before anyone else found out about the attack. Only 37% said the ransom was paid by their employer.
  • Even when the ransom is paid, businesses still experience considerable downtime. One in five ransom payments will not see viable decryption keys provided by the attackers.