Healthcare cyber attacks have doubled since 2018 with nearly 32 million patient records breached in 2019. According to a Kaspersky report, nearly a third of healthcare employees (32%) never received cyber-security training from their workplace.

More than a fifth of respondents (21%) in North America admitted that they were not aware of the cyber security policy at their workplace. Two in five healthcare workers (40%) in North America reported having no knowledge about their organizations’ cyber-security measures to protect IT devices. When breaking down the results by region, just over a third (34%) of respondents in the U.S. and just over a quarter (27%) of Canadian respondents said they were aware of the cyber-security policy at their workplace, but have only reviewed it once.

Insiders were responsible for breaching more than 3 million patient records and 20% of total breaches so far in 2019, according to a Protenus report. Data breaches also come with a hefty price tag—to the tune of $6.45 million on average.

When examining if the size of an organization had an effect, a lack of awareness of device security increased with size—53% of employees at small businesses were aware of their organization’s device security and that dropped to 36% of employees at enterprise businesses.

Along with beefing up employee cyber-security training, the report recommends addressing gaps in education and increasing awareness by hiring a skilled IT team that understands healthcare’s unique security risks to put the proper protections in place.

IT teams need to establish a clear cyber-security policy and effectively communicate that policy to employees on an ongoing basis for increased awareness, the report said.