Insider Threat Management

Healthcare in 2018: Where Insider Threats Outnumber External Threats

Share with your network!

An insider leaking patient records at a doctor’s office or hospital may seem like a scene from a TV medical drama. But according to a recent Verizon study, insider threats are all too real, outnumbering external threats in the healthcare industry -- something that’s never happened before in any other industry. Fifty-six percent of the sector’s breaches are caused by insider threat actors, while 43 percent are caused by external risks.


While it’s true that outside hackers love healthcare because of the valuable, personal data entailed, why is healthcare so prime for insider threats?

As it turns out, organisations with lots of employees and contract staff members are especially prone to mistakes -- 24 percent of internal breaches in the healthcare industry were caused by misuse, and 35 percent by user error. But, in a plot twist that’s quite uncommon in other industries, 13 percent of breaches were “driven by fun or curiousity” -- including motives like searching for celebrities staying at medical facilities.

Three of the most common insider threat risks for healthcare organisations include the following:

  1. Theft or misuse of protected health information (PHI)
  2. Theft of misuse of electronic healthcare records (EHR)
  3. Insurance and other financial fraud


Even with a high risk of breach, healthcare facilities are embracing the cloud: 69 percent plan to move their data to the cloud, according to a recent study. In the same study, 55 percent of respondents named employees as the biggest risk to sensitive data stored in the cloud, and 13 percent named third parties with legitimate access. Despite these insider threat concerns, only 14 percent of people said they had visibility into business users’ actions.

So what should a healthcare organisation do to keep its insider threats in check, while maintaining pace with IT modernisation goals?

  • Formalise an insider threat management program.

    Make a real commitment to being proactive by creating an insider threat program to detect, prevent, and remediate active insider threats in progress.

    According to a 2017 HIMMS report, “a formal insider threat management program may be more effective than an informal one. The formal insider threat management program may be consistently applied, enforced, and the organisation may have formal policies, procedures, and sanctions in place.”

  • Get visibility into your people.

    Even though visibility may seem like an unattainable goal to many in the industry, it’s one of the most important elements to detecting and preventing insider threats. Certain user behaviours and actions within a system can be indicators of an insider threat, which if flagged in time, can stop the loss of sensitive data -- and potentially millions of dollars.

  • Monitor critical applications.

    Unlike typical organisations, the healthcare industry handles highly sensitive and valuable PHI in its electronic health record (EHR) applications on a daily basis. A common misconception is that the responsibility for protecting patient data falls to the EHR vendor, but that’s absolutely not the case.

    In order to remain HIPAA compliant, healthcare organisations must take this responsibility into their own hands by monitoring activity on the most critical applications.

Even though insider threats are increasingly common in the healthcare industry, with the right strategy in place, these threats can be detected and prevented.


Learn more about how Proofpoint's insider threat management solution can help.