Insider Threat Management

Defending Against Insider Threats in Healthcare

It is no secret security breaches from both external and internal threats continue to plague the healthcare sector. However, according to a recent HIMSS report, the majority of healthcare organizations appear to be fighting back in a big way.

The 2017 HIMSS Cybersecurity Survey is based on the findings of a 2017 poll of 126 healthcare IT security professionals.

Key findings show 80% of respondents said their organization has employees specifically dedicated to cybersecurity. 60% indicated they have a senior information security leader like a CISO. Additionally, 75% have an insider threat management program.

Let’s take a look at how this survey views insider threats and what tools, like Proofpoint ITM, can do to help.

The big insider threat challenge in healthcare is that users – IT administrators, external vendors, contractors and employees – have direct access to the organization’s sensitive healthcare data and systems. They need this access to do their jobs, but this access generates massive insider threat risk. The survey characterized insider threat into two main categories based on CERT SEI at Carnegie Mellon research:

An unintentional insider threat is defined as follows: An individual, such as a current or former employee, contractor, or business partner, who currently has, or previously had, authorized access to an organization’s network, system or data;

Through action or inaction and without malicious intent, the individual causes harm or substantially increases the probability of future serious harm to the confidentiality, integrity, and availability of the organization’s information or information systems.

A malicious insider threat is defined as follows: An individual, such as a current or former employee, contractor, or business partner, who currently has, or previously had, authorized access to an organization’s network, system or data.

The individual intentionally exceeded or has purposefully used that access in a manner that negatively affected the confidentiality, integrity, and availability of the organization’s information or information systems.

Specific to healthcare, common examples of an unintentional insider threat include:

  • A medical practitioner loses a device with patient information on the device
  • Someone prints patient information and improperly disposes of the documents
  • A privileged user makes a configuration mistake leaving a system open to a vulnerability

Examples of intentional insider threat risks:

  • A workforce member stealing patient billing information to commit fraud
  • A user sets up a "logic bomb" to intentionally destroy data or disrupt system access
  • A privileged installs a system backdoor to maintain access to data

Whether or not an insider breach is intentional or completely accidental, insider threat incidents can be extremely costly and can take twice as long to detect and clean up as external attacks.

Having a formal insider threat program  helps organizations decrease their risk. As the HIMSS survey states,"a formal insider threat management program may be more effective than an informal one. The formal insider threat management program may be consistently applied, enforced, and the organization may have formal policies, procedures, and sanctions in place."

As indicated in the report, healthcare organizations are mobilizing to deal with all types of insider threat risks and many of them are turning to Proofpoint for support. Proofpoint is trusted on millions of endpoints across every major vertical and is the only insider threat monitoring and prevention solution that empowers security teams to detect insider threats, streamline the investigation process, and prevent data exfiltration.

Learn more about how healthcare organizations are protecting their valuable data. View the ondemand “Protecting Patient Data in a World of Insider Threats” webinar  featuring Larry Whiteside, Jr. Cybersecurity Thought Leader and CISO.

BTW, can we send you an email?

Once a week or so we send an email featuring our newest blog.  Interested?

Subscribe Now

Subscribe to the Proofpoint Blog