HHS Advises HPH Sector Regarding Insider Threats in Medical Care

Healthcare data breaches are common, yet not all privacy and security problems originate outside the organization. The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) has recently released an alert about insider threats.

Insider Threats in Healthcare

Nation-state hacking groups, cybercriminal groups, and lone hackers have generally targeted the healthcare sector; however, there is also a substantial risk of data breaches caused by insiders. Insider threats are people inside a healthcare organization, such as employees, as well as contractors and business associates who are allowed access to healthcare resources and systems. These individuals may know the security practices used by the organization, its systems and computer applications, and the location of sensitive data. They are often given access to sensitive information to do their work or fulfill contracted obligations.

According to the Verizon 2021 Data Breach Report, external threats decreased from 2017 to 2020, with a correlated surge in insider threats. Insider threats include healthcare workers who misuse their access privileges to steal patient records in order to commit identity theft and financial fraud, internal agents who obtain sensitive information and pass it to third parties, and disgruntled employees who want to harm their employers.

Data breaches involving these types of insider threats are frequently covered by the press, and healthcare organizations often commit considerable resources to guarding against and identifying them. Monitoring programs are used to detect unauthorized access to medical data and to identify employees who have been viewing patient files or stealing sensitive records; however, the Ponemon Institute’s 2020 Insider Threats Report indicates these incidents represent only a fairly small percentage of insider threat incidents, about 14%.

Other insider threats include negligent and careless employees who act improperly and people who unintentionally put IT systems and data at risk without realizing it. The Ponemon Institute’s report shows 61% of insider threat incidents are due to negligent insiders, and credential theft caused by negligent insiders makes up 25% of insider threat incidents.

Negligent insider incidents may be due to employees not being aware of security policies, which is usually a training problem. Employees should be taught the company’s security policies during the onboarding process and should be regularly reminded of those policies afterward as part of standard security awareness training.

Insider threats usually involve data theft, fraud, or system sabotage. These can harm the organization and its patients or plan members. The Ponemon Institute’s study shows that global companies lose $11.45 million per year due to insider threats.

Insider Threat Deterrence, Identification, and Response

HC3 recommends revising and updating cybersecurity policies and guidelines, restricting privileged access and implementing role-based access control, adopting zero-trust and MFA models, backing up data and using data loss prevention solutions, and managing USB devices across the corporate network.

Detecting threats requires continuous monitoring of user activity and regular reviews of access and activity logs. A security information and event management (SIEM) system should be used to assist with logging, monitoring, and auditing employee actions.

Insider threat awareness must be included in security awareness training, which should be given to employees during onboarding, with refresher training provided regularly afterward. Employees must only be given access to the resources they need to carry out their work duties, and strict password and access management policies and practices must be implemented. A formal insider threat mitigation program should also be created, together with an incident response plan, to ensure quick and effective action can be taken when insider threats are discovered.

You can read about the HC3 Insider Threats in Healthcare Report here (PDF).