In April of 2018, Utah-based company HealthEquity reported 23,000 accounts were compromised in a data breach when an employee fell for a phishing scheme. As a result of human error, information like employee names, deduction amounts and social security numbers were exposed. The HealthEquity breach is hardly an isolated incident in healthcare or any industry for that matter. According to research from historical claim data analyzed by London-based consultancy Willis Towers Watson, 90% of all cyber claims stemmed from some type of human error or behavior. While organizations can’t control the actions of cybercriminals and rogue staff members, they can address how employees approach security and mitigate the risk of a breach by strengthening internal cybersecurity habits. Addressing the problem could be a simple matter of conducting training sessions that advise employees to use approved software and apply strong passwords—or applying common sense practices around technology access. You don’t even need to start with a massive awareness campaign, start small, talk to a professional, find out where your gaps are and plan from there.