The survey found that many healthcare employees have poor cybersecurity behaviors and attitudes. 21% write down passwords by their computers, 24% are aware of unauthorized access to patient data within their organization, and 18% said they would be willing to provide unauthorized access for money. Nearly half are aware of patient data breaches at their organization. Cybersecurity training is not effective, with 16% receiving no training, and increased training did not correlate with better behavior. Willing compliance with security policies is still lacking, with nearly 1/3 questioning their effectiveness and 15-20% admitting to violations. The report calls for optimized training, limiting access, monitoring activity, and using multiple security techniques.