Insider threats: Healthcare privacy and security

Michelle O’Neill (moneill@shm.net) is National Director, Corporate Compliance and Privacy Officer at Summit Health Management in New Providence, NJ.

In the privacy and security world of healthcare, data breaches are the number one threat. The impact of a data breach is felt throughout the entire organization and, many times, directly affects the patients of the organization. A phrase most often used when it comes to data breaches is, “It’s not if, but when.” As much as organizations do not want to face that reality, this isn’t so far from the truth.

Although data breaches can be felt across all organizations, healthcare is at the top of the list. Most likely, this is because the value of the medical record is significantly higher than the value of any other data. Why are medical records more valuable to cyberthieves? Because they are harder to change or freeze. The other factor revolves around the reality that healthcare generally spends less on ensuring the privacy and security of this valuable information, making it an easier target as well.

The scariest factor in all of this is, the healthcare industry is the only industry where the threat from the inside is greater than the threat from the outside.[1] Verizon’s 2018 Data Breach Report revealed that 56% of attacks are from internal sources (insiders). The report further detailed that human error is a major contributor, in addition to abuse of system access, but there is also the malicious component. It is very important to understand the types of insider threats, the causes and dangers of insider threats, and how to fight back and protect against these threats.

This document is only available to members. Please log in or become a member.
 


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field