HHS Alerts HPH Sector Concerning Insider Threats in Medical Care

Healthcare data breaches are occurring frequently, but not all privacy and security issues originate outside the organization. The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) has just issued an advisory regarding insider threats.

Insider Threats in Healthcare

Cybercriminal gangs, nation-state hacking groups, and lone hackers have always targeted the healthcare sector, but there is also a substantial risk of data breaches caused by insiders. Insider threats are people within a healthcare organization, such as staff members, as well as contractors and business associates who have been granted access to healthcare assets and systems. These individuals may know the security measures the organization uses, its computer systems, and the location of sensitive data. They are often given access to sensitive information in order to do their jobs or fulfill their contracted responsibilities.

According to the Verizon 2021 Data Breach Report, external threats declined between 2017 and 2020, with a corresponding increase in internal threats. Insider threats include healthcare staff who misuse their access rights to steal patient records for identity theft and financial fraud, insider agents who steal sensitive records and pass them to third parties, and disgruntled workers who want to harm their employers.

Data breaches involving these kinds of insider threats are frequently covered by the press, and healthcare providers typically commit considerable resources to guarding against and detecting them. Monitoring tools are used to track unauthorized access to healthcare records and identify employees who have been snooping on patient data or stealing sensitive information. Nonetheless, the Ponemon Institute’s 2020 Insider Threats Report suggests these incidents make up only a comparatively small proportion of insider threat incidents, approximately 14%.

Other insider threats include negligent and careless staff, and people who inadvertently leave IT systems and information vulnerable without realizing it. The Ponemon Institute’s report indicates that 61% of insider threat incidents are the result of negligent insiders, with credential theft resulting from negligent insiders accounting for 25% of insider threat incidents.

Negligent insider incidents can occur because staff members are not aware of security policies, which is usually a training issue. Employees must be taught the organization’s security policies during onboarding and should be reminded of those policies regularly afterward as part of routine security awareness training.

Insider threats generally involve data theft, fraud, or system sabotage. All of these can cause problems for the organization and for patients and plan members. The Ponemon Institute’s study reveals that organizations worldwide lose $11.45 million every year because of insider threats.

Insider Threat Reduction, Detection, and Response

HC3 recommends revising and updating cybersecurity policies and guidelines, limiting privileged access and setting up role-based access control, using zero-trust and MFA models, backing up data and deploying data loss prevention tools, and managing USB devices across the corporate network.

Detecting threats requires regular monitoring of user activity and frequent audits of access and activity logs. A security information and event management (SIEM) system must be used to assist with the logging, tracking, and auditing of employee actions.

Insider threat awareness should be integrated into security awareness training, which must be provided to employees during onboarding, with refresher training given routinely afterward. Staff members should only be granted access to the resources they need to carry out their work duties, and stringent password and access management policies and practices should be enforced. A formal insider threat mitigation program must also be developed, along with an incident response plan, to ensure quick and effective action can be taken when insider threats are discovered.

The HC3 Insider Threats in Healthcare Report is available here (PDF).