Insider Threat Healthcare

It’s not surprising as they deal with huge amounts of sensitive data on a daily basis, all of which must be accurate, current and easily accessible.

Verizon 2018 Data Breach Investigations Report (DBIR)

According to The Verizon 2018 Data Breach Investigations Report, 56% of data breaches in the Healthcare industry were incidents involving insiders.  It is the only industry where insider threats were the biggest threat to the organisation, above malware, which in itself is a huge concern for the healthcare industry following May 2017’s WannaCry Ransomware attack on the NHS.

Verizon Protected Health Information Data Breach Report

Over 80% of incidents comprised of people utilising established logical or physical access to sensitive data in an unauthorised manner with sensitive data being mis-delivered as the most common type of error. 

Many of the insider threat incidents were not deliberate but still prove to be costly.

Insiders aren’t just full or part-time employees, they can be 3rd party contractors or business partners and its important to ensure that all are aware of the possible threats and comply with your policies and procedures at all times.

Although its not possible to ensure every single employee is trustworthy and/or complies with all policies and procedures, it is possible for organisations to minimise the risk, here are some ways this can be achieved:

Minimise Your Risk

• Identify your sensitive data
• Identify who has access to sensitive data
• Identify the threat and assess the likelihood of it happening
• Only keep data on a need to know basis
• Encrypt sensitive data
• Use two-factor authentication
• Shred confidential data
• Monitor access to files and records
• Log file changes
• Employ trustworthy people
• Identify individuals who may pose a risk
• Investigate any insider acts and have disciplinary procedures in place
• Monitor and assess employee actions
• Identify unhappy employees
• Track user behaviour
• Ensure employees are trained to spot risk and encourage them to act in a more security conscious way
• Use temporary accounts for 3rd party employees which expire on a certain date and remove & disable accounts as soon as employees leave
• Ensure policies and procedures are in place
• Ensure employees are aware of the latest phishing scams
• Ensure patches are installed promptly and up-to-date, the WannaCry attack could have been avoided if IT staff had installed the latest patch as soon as it had been released in March 2017
• Frequently audit your systems

Good security practice and a transparent framework where all staff are responsible is the first step in reducing your risk, keeping track of it going forward could save you a lot of hassle and money.