
Insider threats in healthcare

Insider threats are hidden risks in an organization that could come from employees or malicious agents. These threats infiltrate the organization's security measures and gain access to sensitive or private financial data. In a healthcare setting, this could potentially result in a violation or breach of HIPAA. 


What is an insider threat?

An insider threat in the healthcare and public health (HPH) sector refers to the potential risk posed by individuals who have authorized access to an organization's assets, information, and computer systems but may misuse that access in a way that negatively impacts the organization. These threats can come from various sources, including employees, contractors, and third parties. 

See also: Defending against AI cyberattacks in healthcare


Forms of insider threats to look out for in healthcare

  • Careless or negligent workers
  • Malicious insiders
  • Inside agents
  • Disgruntled employees
  • Third parties


How insider threats impact healthcare organizations

Insider threats in healthcare organizations also affect the industry more broadly. They erode trust in the healthcare sector, as the public may become more wary of sharing sensitive information with healthcare providers. This can hinder data-sharing initiatives, research collaborations, and the development of patient-centric healthcare solutions.

Additionally, insider threats can lead to the organization being required to provide notice of security breaches and to provide evidence of the measures implemented to secure against insider threats, which may result in higher operational costs.

Furthermore, insider threats influence insurance premiums for healthcare organizations, making it more expensive for them to protect themselves against such risks. Therefore, these threats not only harm individual healthcare organizations but can have ripple effects on the entire healthcare ecosystem.


Recommended best practices to mitigate the risks

  1. Insider threat mitigation program: Establish a formal insider threat mitigation program that outlines strategies, responsibilities, and procedures for addressing these threats.
  2. Security agreements with third parties: Define explicit security agreements for third-party vendors, particularly specifying access restrictions and monitoring capabilities.
  3. Secure communication: Utilize encrypted communication methods with data protection at the forefront. Solutions such as HIPAA compliant email offer a seamless way to ensure employee communication is secure and monitored. 
  4. Collaboration between leadership, IT, and HR: Promote collaborative efforts among healthcare leadership, IT departments, and Human Resources to effectively identify and address insider threats.
  5. Behavior analytics: Implement tools to monitor and analyze user behavior patterns. These tools can detect deviations from normal behavior and issue alerts when suspicious activities are identified.
  6. Endpoint Detection and Response (EDR): Deploy EDR solutions on endpoints (e.g., desktops, laptops, and servers) to monitor and respond to suspicious activities at the device level. EDR tools can help identify insider threats in real-time.
  7. Data classification: Classify data based on sensitivity and establish policies for handling, storing, and sharing each data category. This helps in focusing security measures on the most necessary data assets.
  8. Network segmentation: Segment the network into isolated zones with limited communication between them. This limits the lateral movement of potential insider threats within the network.
  9. Security Information and Event Management (SIEM): Implement an SIEM system to centralize and correlate logs from various systems. SIEM can provide real-time analysis of security alerts and help identify insider threats.
  10. Application blocklisting: Use application blocklisting to control which software and applications are allowed to run on endpoints. This prevents unauthorized or malicious software from executing.
  11. Insider threat awareness training: Provide specialized training to employees, contractors, and third parties about the risks of insider threats. Make them aware of the consequences and how to report suspicious activities.
  12. Employee monitoring software: Consider using employee monitoring software to track and analyze employee activities, especially in roles with high levels of access and responsibility.
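To make item 5 (behavior analytics) concrete, the following Python is an added example, not code from the original article or from any monitoring product. It compares each user's daily count of distinct patient records against that user's own history and flags large deviations. The log line format, the user names, the 3.5 threshold and the sample lines are all constructed assumptions.

```python
import re
from collections import defaultdict
from statistics import median

# Assumed audit-log line format (hypothetical, not a real EHR product's format).
LINE = re.compile(r"^(\d{4}-\d{2}-\d{2})T\S+ user=(\S+) patient=(\S+) action=\S+$")

def daily_patient_counts(lines):
    """Return {user: {day: number of distinct patient records touched}}."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore malformed lines instead of aborting the run
        day, user, patient = m.groups()
        seen[user][day].add(patient)
    return {u: {d: len(p) for d, p in days.items()} for u, days in seen.items()}

def flag_deviations(counts, threshold=3.5, min_days=5):
    """Flag (user, day, count) far above that user's own baseline.

    Uses the modified z-score (median and MAD), which a single extreme day
    cannot drag upward the way it would a mean and standard deviation."""
    alerts = []
    for user, days in counts.items():
        values = list(days.values())
        if len(values) < min_days:
            continue  # too little history to call anything abnormal
        med = median(values)
        mad = median(abs(v - med) for v in values) or 1.0  # avoid divide-by-zero
        for day, n in sorted(days.items()):
            if 0.6745 * (n - med) / mad > threshold:
                alerts.append((user, day, n))
    return alerts

def build_sample():
    """Constructed log: nurse_a opens 3-4 charts a day, then 40 on 2024-03-08;
    clerk_b steadily opens 20 a day, which is normal for that role."""
    nurse = {"2024-03-04": 3, "2024-03-05": 4, "2024-03-06": 3,
             "2024-03-07": 4, "2024-03-08": 40}
    lines = []
    for day, n in nurse.items():
        lines += [f"{day}T10:{i:02d}:00 user=nurse_a patient=P{i:03d} action=view"
                  for i in range(n)]
        lines += [f"{day}T11:{i:02d}:00 user=clerk_b patient=P{i:03d} action=view"
                  for i in range(20)]
    return lines

if __name__ == "__main__":
    for alert in flag_deviations(daily_patient_counts(build_sample())):
        print("ALERT", alert)
```

A single organization-wide cutoff would either flag clerk_b every day or miss nurse_a's spike; the per-user baseline flags only the day that is unusual for that person.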


The $16.2 million insider security threat and urgent need for change

A 2023 DTEX Systems Cost of Insider Risk Report shows that insider security threats come in two main types: malicious and non-malicious. The malicious threats involve people stealing information, committing fraud, or even doing violent things at work.

Non-malicious incidents happen when people make mistakes or are tricked, for example by falling for phishing emails. What really matters is how much money these incidents can cost. Even though intentional harm is not as common, it is the most expensive, costing about $701,500 each time.

See also: The $16.2 million insider security threat and urgent need for change


Insider threats in the news

The pioneering electric vehicle manufacturer Tesla recently experienced a significant data breach due to an insider threat that affected over 75,000 of its current and former employees. The breach revealed sensitive personal information, including Social Security numbers, and was orchestrated by two former employees of the company.
