Insider Threats—Healthcare’s Crippling Reality

Share This Post

Share on twitter
Twitter
Share on linkedin
LinkedIn

We often learn about the latest security issues, threats, vulnerabilities, attacks, and ransoms every day. While much of the advertised information we read is about external vulnerabilities, there is another, often-overlooked, hazard lying in wait: Insider threats.

What are Insider Threats?

An insider threat is an often-overlooked security threat from within an organization.
Often an employee, contractor, business associate or, third-party entity, an insider threat is anyone who had or still has access to proprietary information within an organization. Due to the unforeseen nature of these breaches, traditional security measures and products often fail in preventing and detecting insider threats.

Why should organizations be concerned?
  1. 75% of internal breaches go unnoticed. An employee logging-in is easily overlooked in comparison to an external threat.
  2. Internal breaches are twice as costly and damaging as external threats due to the longevity of the breach and the detection lag
  3. 69% of organizations that were breached internally had a prevention solution in place, but still failed to detect the attack.
  4. On average, it takes 32 months to detect an internal breach.
  5. 65% of breaches are unintentional, making privileged-users the largest risk for organizations.
  6. Not every breach is the result of maliciousness, recklessness, or negligence, but regardless, the presence of human error in internal breaches means organizations have to invest in training, education, and technology that work with the user in mitigating insider threats.
Why should Healthcare organizations be concerned?

Hackers leverage highly targeted phishing campaigns to gain access to healthcare organizations’ networks, which serves as a critical reminder for the need to frequently train and educate employees. In general, healthcare entities are able to detect external hacking incidents quicker than insider incidents. There are many cases of hacking incidents have been discovered in one day, while insider incidents have proceeded without detection for years. Healthcare is the most vulnerable industry to internal threats, with 59% of all breaches being internal-infiltrations
in 2018. (Verizon DBIR report 2019)

Current State of Healthcare –

  • 15 million patient records were breached in 2018 over 503 breaches. 139 were internal breaches responsible for over 2.3 million patient records. (Protenus Breach Barometer 2019)
  • 32 million patient records were breached in the first half of 2019 across 285 breaches; The new Protenus 2019 Breach Barometer found the number of breached patient records tripled from 2017 to 2018, as healthcare data security challenges increased.
  • 91% of healthcare organizations have had at least one data breach involving the loss of patient data in the last two years (Forbes)
  • 68% of patients are not confident that their medical records are secure with their healthcare providers (Ponemon Medical Identity Threat Report)
How should Healthcare organizations manage & mitigate this threat?
  • Proactive Insider Threat monitoring – User & Entity Behavior Analytics (UEBA), Endpoints Controls
  • Auditing & managing privileges & permissions
  • Implementing a device management policy
  • Security training and testing among employees
  • Policies & Procedures for increasing accountability amongst employees & contractors
  • Incident Response Strategy & Plan
How does HITRUST prevent Insider Threats?

HITRUST’s Cybersecurity Framework (CSF) provides a comprehensive security blueprint for organizations to achieve and adhere to.

HITRUST requires organizations to have the following controls in place in order to prevent insider threats –

  1. Employee awareness & education
  2. Secure workplace and data practices
  3. Confidential data taxonomy
  4. Auditing & managing privileges & permissions
  5. Secure disposal/re-use of media/equipment
  6. Compliance to policies & procedures
  7. Acceptable use of assets
  8. Reporting of security incidents
Scroll to Top

CONTACT US TO MAKE YOUR NEXT MOVE

This website uses cookies to ensure the best user experience. By using this site, you agree to the use of cookies as explained in our privacy policy.