The growth and digitization of the healthcare industry have made protecting patient information a significant challenge. Electronic health records can streamline filing systems, make it easier to access data and help doctors respond faster to patients’ needs, but they also expose the sector to cybersecurity threats. Organizations may assume these threats come from external sources, but most data breaches come from the inside.
Insider threats are one of the biggest cybersecurity problems in healthcare, whether in the form of careless workers, inside agents, third-party vendors, or disgruntled former employees. The industry reported 712 data breaches in 2021,
Criminal insiders cost surveyed organizations an average of $756,760 per incident in 2019, but they were
Data breaches can be devastating when it comes to healthcare. Hospital records contain patients’ credit card information, home addresses, phone numbers, emails, and health information,
At the same time, electronic health records vastly improve healthcare efficiency,
In 2021,
An insider threat is anyone within a healthcare organization who can access sensitive data, assets, or computer systems and use them to cause harm — intentionally or not.
They can be as sinister as an insider selling network credentials or patient records on the dark web. More often than not, however, an insider threat looks more like an employee who forgets to log out, leaving their computer unattended for anyone to use. Healthcare companies should implement the following practices to detect and prevent inside data breaches.
One of the most effective ways to prevent insider threats is to conduct background checks for all new employees. This step helps identify any red flags, such as a history of criminal activity, that could indicate a potential security hazard. However, since many insider threats stem from negligence rather than malice, a lack of criminal history isn’t a failsafe. It’s simply a good place to start.
It’s important to train employees on good cybersecurity practices. Healthcare workers may not have any formal education or experience in tech, so employers should brief them on how to identify phishing scams, avoid downloading malware and transmit sensitive data securely.
Updating cybersecurity policies and guidelines regularly ensures the training is up to date. Ongoing education reinforces strong cybersecurity behaviors and prevents common errors that could cause security breaches.
Very few people need access to every file at all times. Zero standing privilege (ZSP) access controls limit which documents workers can view, edit or send. Under ZSP nobody can see protected information by default: there are no standing superuser accounts, and every request for elevated access is evaluated on its own merits, with a risk-based check, and granted only for a limited time.
This approach also makes it easier to monitor suspicious system activity, because every access is the result of an explicit, logged request. Timed access controls automatically log people out after a set period, so an unattended workstation does not stay open indefinitely. Requiring a one-time code in addition to the password for each elevation is another way to keep access temporary and limited: a stolen password alone is not enough to reach protected data.
The best controls implement the policy of continuous adaptive trust. They apply contextual information about data sensitivity, user status, time and device type to estimate risks and manage resource access.
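As an added example (not code from the article or any specific product), the following Python sketch shows what a ZSP-style, risk-scored access decision looks like in practice: there is no standing access, each request is scored on data sensitivity, time of day, device posture and MFA status, and any approval is a short-lived grant that expires on its own. The roles, thresholds, resources and sample requests are hypothetical.

```python
"""Added example (not from the article): a risk-scored, just-in-time access
decision in the spirit of zero standing privilege (ZSP) and continuous
adaptive trust. Roles, thresholds and the sample requests are hypothetical."""
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Resource:
    name: str
    sensitivity: int  # 1 = public, 2 = internal, 3 = confidential, 4 = restricted (PHI)

@dataclass
class Request:
    user: str
    role: str
    resource: Resource
    when: datetime
    device_managed: bool   # enrolled, patched, encrypted endpoint
    mfa_verified: bool     # one-time code presented with the password
    justification: str = ""

@dataclass
class Grant:
    user: str
    resource: str
    expires_at: datetime

# Hypothetical role ceilings: the highest sensitivity a role may ever request.
ROLE_MAX_SENSITIVITY = {"clinician": 4, "billing": 3, "contractor": 2}
BUSINESS_HOURS = range(7, 19)   # 07:00-18:59
DENY_THRESHOLD = 8

def risk_score(req: Request) -> int:
    """Combine context signals into a single score; higher is riskier."""
    score = req.resource.sensitivity
    if req.when.hour not in BUSINESS_HOURS:
        score += 2
    if not req.device_managed:
        score += 3
    if not req.mfa_verified:
        score += 3
    return score

def evaluate(req: Request):
    """Return ('allow', Grant) or ('deny', reason). No standing access exists;
    every request is evaluated and any grant is short-lived."""
    if req.resource.sensitivity > ROLE_MAX_SENSITIVITY.get(req.role, 0):
        return "deny", "role may not access data of this sensitivity"
    score = risk_score(req)
    if score >= DENY_THRESHOLD:
        return "deny", f"risk score {score} at or above threshold {DENY_THRESHOLD}"
    if req.resource.sensitivity >= 3 and not req.justification:
        return "deny", "justification required for confidential or restricted data"
    ttl = timedelta(minutes=60 if score < 4 else 15)   # riskier context, shorter window
    return "allow", Grant(req.user, req.resource.name, req.when + ttl)

def grant_valid(grant: Grant, now: datetime) -> bool:
    """Timed access: the grant expires on its own, forcing a fresh evaluation."""
    return now < grant.expires_at

# Constructed sample requests for the demo below (hypothetical users and data).
PHI = Resource("patient_chart", 4)
SCHEDULE = Resource("ward_schedule", 1)
T_DAY = datetime(2021, 3, 4, 10, 0)
T_NIGHT = datetime(2021, 3, 4, 2, 15)
SAMPLES = {
    "clinician_day": Request("dr_lee", "clinician", PHI, T_DAY, True, True, "treating patient"),
    "contractor_phi": Request("vendor_x", "contractor", PHI, T_DAY, True, True, "support ticket"),
    "billing_night_byod": Request("clerk07", "billing", Resource("invoices", 3), T_NIGHT, False, True, "month end"),
    "clinician_schedule": Request("dr_lee", "clinician", SCHEDULE, T_DAY, True, True),
}

def run_demo() -> dict:
    """Evaluate every sample; report decision, grant lifetime in minutes and
    whether the grant would still be valid 30 minutes later."""
    out = {}
    for name, req in SAMPLES.items():
        decision, detail = evaluate(req)
        if decision == "allow":
            minutes = int((detail.expires_at - req.when).total_seconds() // 60)
            out[name] = ("allow", minutes, grant_valid(detail, req.when + timedelta(minutes=30)))
        else:
            out[name] = ("deny", detail)
    return out

if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name:22} -> {result}")
```

The contractor is refused before any scoring because the role ceiling is a hard limit; the billing clerk on an unmanaged device at 02:15 is refused on accumulated risk even though the role itself is permitted; the clinician gets a 15-minute grant for restricted data and a 60-minute grant for the low-sensitivity schedule, and the shorter grant has already lapsed when checked half an hour later.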
Routine security audits can help healthcare providers identify and resolve network vulnerabilities. They should include a review of computer activity, email communications and access logs. They should also assess physical security measures such as camera surveillance and door code access.
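An access-log review does not have to be a manual read-through. As an added example (not from the article), the Python below runs three simple insider-oriented checks over a constructed record-access log: access outside shift hours, access to patients the user is not assigned to, and a burst of many distinct records in a short window, which is what record snooping or a bulk export looks like. The log format, user names, MRNs and thresholds are hypothetical.

```python
"""Added example (not from the article): audit checks over an EHR access log.
Log format, users, MRNs, assignments and thresholds are hypothetical."""
import csv
from collections import defaultdict
from datetime import datetime, timedelta
from io import StringIO

# Constructed sample log: who viewed which medical record number (MRN) and when.
SAMPLE_LOG = """timestamp,user,mrn,action
2021-03-04T09:05:00,nurse01,MRN1001,view
2021-03-04T09:07:00,nurse01,MRN1002,view
2021-03-04T02:15:00,nurse01,MRN1003,view
2021-03-04T14:00:00,clerk07,MRN2001,view
2021-03-04T14:00:30,clerk07,MRN2002,view
2021-03-04T14:01:00,clerk07,MRN2003,view
2021-03-04T14:01:30,clerk07,MRN2004,view
2021-03-04T14:02:00,clerk07,MRN2005,view
2021-03-04T14:02:30,clerk07,MRN2006,export
"""

# Constructed care assignments: patients each user has a legitimate reason to open.
ASSIGNMENTS = {
    "nurse01": {"MRN1001", "MRN1002"},
    "clerk07": {"MRN2001", "MRN2002", "MRN2003", "MRN2004", "MRN2005", "MRN2006"},
}

def parse_log(text: str) -> list:
    """Parse the CSV log into dicts with a real datetime in 'timestamp'."""
    rows = []
    for row in csv.DictReader(StringIO(text)):
        row["timestamp"] = datetime.fromisoformat(row["timestamp"])
        rows.append(row)
    return rows

def find_anomalies(events, assignments, shift=(6, 20), burst_n=5,
                   burst_window=timedelta(minutes=5)) -> list:
    """Return (kind, user, detail) findings for a human reviewer."""
    findings = []
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
        # 1. Activity outside the user's shift hours.
        if not shift[0] <= e["timestamp"].hour < shift[1]:
            findings.append(("off_hours", e["user"], e["mrn"]))
        # 2. Opening a record of a patient the user is not assigned to.
        if e["mrn"] not in assignments.get(e["user"], set()):
            findings.append(("unassigned_patient", e["user"], e["mrn"]))
    # 3. Many distinct records within a short window (snooping or bulk export).
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["timestamp"])
        for i, first in enumerate(evs):
            window_end = first["timestamp"] + burst_window
            distinct = {e["mrn"] for e in evs[i:] if e["timestamp"] <= window_end}
            if len(distinct) >= burst_n:
                findings.append(("burst_access", user,
                                 f"{len(distinct)} records in {burst_window}"))
                break   # one finding per user is enough to trigger review
    return findings

def audit(text: str = SAMPLE_LOG, assignments=ASSIGNMENTS) -> list:
    return find_anomalies(parse_log(text), assignments)

if __name__ == "__main__":
    for kind, user, detail in audit():
        print(f"{kind:19} {user:8} {detail}")
```

On the sample log the night-time view by nurse01 is flagged twice (off hours and an unassigned patient), and clerk07 is flagged once for opening six records in under three minutes; the individual views by clerk07 are not flagged because each patient is assigned. Real deployments would draw the assignment data from the scheduling or admission system and tune the shift window per role.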
In 2021,
Coupled with data loss prevention (DLP) software, regular backups are a crucial component of good cybersecurity. DLP helps identify and prevent the unauthorized transmission of sensitive information, blocking attempts to send private data via email or instant messaging.
Backups help ensure patient information won’t be lost even during a data breach. Healthcare organizations should store their backups on a network separate from the production one, so that an insider or malware with access to live systems cannot also reach the copies, and they should test restores regularly.
Healthcare organizations should inventory all their information by tagging it according to sensitivity, location, and type. This practice allows people using the network to sort data into categories, letting them know which files to view and which to leave alone.
Additionally, it helps people identify suspicious or malicious files and keep them out of the system. Administrators can also establish policies detailing which data can leave the organization and which is classified. For example, are employees allowed to email files of medium sensitivity?
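Classification tags and DLP work together: the tag says what a file is allowed to do, and content inspection catches files that were tagged too loosely. As an added example (not code from the article or any DLP product), the Python below answers the question posed above, whether a file of a given sensitivity may leave by a given channel, and additionally scans the content for common PHI and payment-card patterns, treating anything that matches as restricted regardless of its label. The tier names, channel policy and patterns are hypothetical and deliberately simple.

```python
"""Added example (not from the article): classification-driven egress policy
with a content scan that overrides a too-loose label. Tiers, channels,
patterns and sample documents are hypothetical."""
import re

TIER_ORDER = ["public", "internal", "confidential", "restricted"]

# Hypothetical egress policy: which sensitivity tiers may leave via which channel.
POLICY = {
    "email":        {"public", "internal"},
    "chat":         {"public"},
    "sftp_partner": {"public", "internal", "confidential"},
}

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
MRN_RE = re.compile(r"\bMRN\d{4,}\b")                 # hypothetical record-number format
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")     # 13-16 digit candidate, confirmed by Luhn

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out phone numbers and other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def scan_for_phi(text: str) -> list:
    """Return the kinds of sensitive identifiers found in the text."""
    hits = []
    if SSN_RE.search(text):
        hits.append("ssn")
    if MRN_RE.search(text):
        hits.append("mrn")
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            hits.append("card_number")
            break
    return hits

def tag_sensitivity(doc_tags) -> str:
    """Highest tier among a document's tags; an untagged document fails closed."""
    tiers = [t for t in doc_tags if t in TIER_ORDER]
    return max(tiers, key=TIER_ORDER.index) if tiers else "restricted"

def egress_decision(doc_tags, body: str, channel: str):
    """Return (allowed, effective_tier, phi_hits). A PHI hit in the content
    raises the effective tier to 'restricted' even if the label says otherwise."""
    labelled = tag_sensitivity(doc_tags)
    phi = scan_for_phi(body)
    effective = "restricted" if phi else labelled
    allowed = effective in POLICY.get(channel, set())
    return allowed, effective, phi

if __name__ == "__main__":
    # Constructed sample documents.
    docs = [
        (["internal"], "Quarterly staffing plan attached.", "email"),
        (["internal"], "Patient MRN100234 balance due; card 4111 1111 1111 1111.", "email"),
        (["confidential"], "Partner claims extract.", "sftp_partner"),
        (["confidential"], "Partner claims extract.", "email"),
        ([], "Untagged scan.", "chat"),
    ]
    for tags, body, channel in docs:
        print(channel, tags, egress_decision(tags, body, channel))
```

The second document is labelled "internal", which the policy would let out by email, but the scan finds a record number and a Luhn-valid card number and blocks it; the untagged scan is blocked everywhere because the default is the most restrictive tier. In production the patterns would be replaced by the organization's own identifier formats and a fuller DLP dictionary, but the shape of the decision is the same.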
Healthcare providers should establish an incident response plan in case of an emergency. Responding to an insider threat should be repeatable, standardized, and applied in every incident.
To create the plan, organizations should first evaluate their resources and capabilities. They must define the program's purpose and identify any critical assets they're responsible for. It should be clear that everyone is responsible for monitoring and reporting suspicious activity.
Healthcare has moved online. While that improves efficiency, it also opens the industry up to more security breaches, especially from negligent employees. Health organizations must establish broad visibility of their users, data, traffic, and applications to implement strong security controls. Doing so protects patient privacy and ensures smooth, efficient operations.