When it comes to data breaches, it’s very possible that the threat comes from within your organization:
- A Wall Street Journal article reported that out of 450 data breaches at hospitals, health insurers, and other healthcare-related service providers who house sensitive patient information, 192 were blamed on insiders.
- In the first nine months of 2017, unintended disclosure accounted for 41 per cent of data breach incidents reported by healthcare organization clients. Examples of unintended disclosure included an email containing personal health information (PHI) sent to the wrong recipient, discharge instructions given to the wrong patient, or a server containing PHI accidentally left open to the public.

These insiders may be negligent employees who prioritize speed over security, succumb to curiosity, or fall for email phishing scams. Insiders can also be malicious, selling PHI for money or to ‘get back’ at an institution. Regardless of the motive, the insider is often the weakest point within even the most robust security plan. However, there are several things you can do to ensure employees are security-conscious and to mitigate an insider attack.

Continue reading in Health IT Outcomes.