
How Healthcare Providers Can Detect and Prevent Insider Threats

by Zac Amos, March 13th, 2023
Too Long; Didn't Read

The growth and digitization of the healthcare industry have exposed it to more cybersecurity threats, including threats from organization insiders. To detect and prevent insider threats, healthcare providers should: conduct background checks, provide ongoing training, implement access controls, perform security audits, use two-factor authentication, back up data, classify and organize data, and create an incident response plan.


The growth and digitization of the healthcare industry have made protecting patient information a significant challenge. Electronic health records can streamline filing systems, make it easier to access data and help doctors respond faster to patients’ needs, but they also expose the sector to cybersecurity threats. Organizations may assume these threats come from external sources, but most data breaches originate inside the organization.

The Impact of Insider Threats on Healthcare

Insider threats are one of the biggest cybersecurity problems in healthcare, whether in the form of careless workers, inside agents, third-party vendors, or disgruntled former employees. The industry reported 712 data breaches in 2021, a 10.9% increase compared to 2020.


Criminal insiders cost surveyed organizations an average of $756,760 per incident in 2019, but they were only responsible for 23% of all security breaches. Negligent employees or contractors who slacked off, made honest mistakes, or misunderstood the organization’s policies caused most security issues.


Data breaches can be devastating when it comes to healthcare. Hospital records contain patients’ credit card information, home addresses, phone numbers, emails, and health information, all of which are valuable in the hands of threat actors.


At the same time, electronic health records vastly improve healthcare efficiency, with 35% of doctors saying they make it easier to respond to patient issues and 33% claiming they help manage treatment plans. That’s good news in the age of burnout.


In 2021, 37% of nurses reported feeling stressed or overworked, and automation can alleviate some of their workload. Since these digital tools are here to stay, healthcare organizations must pair them with strong cybersecurity practices.

Detecting and Preventing Insider Threats

An insider threat is anyone within a healthcare organization who can access sensitive data, assets, or computer systems and use them to cause harm — intentionally or not.


They can be as sinister as a hacker selling network passwords or patient records on the dark web. More often than not, however, an insider threat looks more like an employee who forgets to log out, leaving their computer unattended for anyone to use. Healthcare companies should implement the following practices to detect and prevent inside data breaches.

1. Conduct Background Checks

One of the most effective ways to prevent insider threats is to conduct background checks for all new employees. This step helps identify any red flags, such as a history of criminal activity, that could indicate a potential security hazard. However, since many insider threats stem from negligence rather than malice, a lack of criminal history isn’t a failsafe. It’s simply a good place to start.

2. Provide Ongoing Training

It’s important to train employees on good cybersecurity practices. Healthcare workers may not have any formal education or experience in tech, so employers should brief them on how to identify phishing scams, avoid downloading malware and transmit sensitive data safely.


Updating cybersecurity policies and guidelines regularly ensures the training is up to date. Ongoing education reinforces strong cybersecurity behaviors and prevents common errors that could cause security breaches.

3. Implement Access Controls

Very few people need access to any file at any time. Zero standing privilege (ZSP) access controls limit which documents workers can view, edit or send. ZSP means nobody can see protected information by default. There are no superuser accounts, and every request is subject to a risk-based evaluation.


This approach also makes it easier to monitor suspicious system activity. Timed access controls automatically log people out after a certain period. Another form of providing temporary, limited access is to use one-time codes in addition to passwords.


The best controls implement the policy of continuous adaptive trust. They apply contextual information about data sensitivity, user status, time and device type to estimate risks and manage resource access.
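As an added illustration (not code from the article or any particular product), here is a small Python policy evaluator that applies the zero-standing-privilege and continuous-adaptive-trust ideas above: nothing is granted by default, there is no superuser role, every request is scored from data sensitivity, user status, time of day and device type, and any grant expires. The sensitivity tiers, role entitlements, business-hours window, risk threshold and timestamps are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sensitivity tiers and role entitlements (assumptions, not from the article).
SENSITIVITY = {"public": 0, "internal": 1, "medium": 2, "phi": 3}
ROLE_CLASSES = {
    "nurse": {"public", "internal", "medium", "phi"},
    "billing": {"public", "internal", "medium"},
}
BUSINESS_HOURS = range(7, 19)              # constructed 07:00-18:59 window
WORK_TIME = datetime(2023, 3, 13, 10, 0)   # constructed timestamps for the examples
NIGHT_TIME = datetime(2023, 3, 13, 23, 0)


@dataclass(frozen=True)
class Request:
    user: str
    status: str           # "active" or "terminated"
    role: str
    device_managed: bool
    resource_class: str   # key of SENSITIVITY
    action: str           # "view", "edit" or "send"
    when: datetime


def risk_score(req: Request) -> int:
    """Continuous adaptive trust: score the request from data sensitivity,
    user status, time of day and device type."""
    score = SENSITIVITY[req.resource_class]
    if not req.device_managed:
        score += 2
    if req.when.hour not in BUSINESS_HOURS:
        score += 1
    if req.status != "active":
        score += 10          # a terminated account can never fall under the threshold
    return score


def evaluate(req: Request, max_risk: int = 3) -> dict:
    """Zero standing privilege: deny by default, no superuser role, every
    request is scored, and any grant is time-limited."""
    score = risk_score(req)
    denied = {"granted": False, "risk": score, "expires": None}
    if req.resource_class not in ROLE_CLASSES.get(req.role, set()):
        return denied        # unknown roles (including "superuser") are entitled to nothing
    if req.action == "send" and SENSITIVITY[req.resource_class] >= SENSITIVITY["medium"]:
        return denied        # medium-or-higher data never leaves by email or messaging
    if score > max_risk:
        return denied
    ttl = timedelta(minutes=15 if score >= 2 else 60)   # riskier sessions expire sooner
    return {"granted": True, "risk": score, "expires": req.when + ttl}
```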

4. Perform Security Audits

Routine security audits can help healthcare providers identify and resolve network vulnerabilities. They should include a review of computer activity, email communications and access logs. They should also assess physical security measures such as camera surveillance and door code access.
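As an added example of the access-log review part of such an audit (not code from the article), the Python below runs three insider-threat checks over a constructed EHR access log: off-hours access, activity from accounts that should no longer hold any access, and bulk access to many distinct patient records within a short window. The log lines, account roster, business-hours window and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed EHR access log lines (timestamp,user,patient_id,action); not real data.
ACCESS_LOG = """\
2023-03-13T09:12:04,nurse.alice,P-1001,view
2023-03-13T09:15:40,nurse.alice,P-1002,view
2023-03-13T10:02:11,billing.bob,P-1001,view
2023-03-13T11:05:00,nurse.dave,P-3001,view
2023-03-13T11:05:20,nurse.dave,P-3002,view
2023-03-13T11:05:41,nurse.dave,P-3003,view
2023-03-13T11:06:02,nurse.dave,P-3004,view
2023-03-13T11:06:25,nurse.dave,P-3005,export
2023-03-13T14:30:00,contractor.eve,P-1009,view
2023-03-13T23:41:09,nurse.alice,P-2207,view
"""
# Constructed roster of accounts that should currently hold any access at all.
ACTIVE_ACCOUNTS = {"nurse.alice", "billing.bob", "nurse.dave"}
BUSINESS_HOURS = range(7, 19)   # constructed 07:00-18:59 window

def parse_log(text: str) -> list[dict]:
    rows = []
    for line in text.strip().splitlines():
        ts, user, patient, action = line.split(",")
        rows.append({"ts": datetime.fromisoformat(ts), "user": user,
                     "patient": patient, "action": action})
    return rows

def audit(rows: list[dict], bulk_threshold: int = 4, window_s: int = 300) -> list[tuple[str, str]]:
    """Return (finding, user) pairs: after-hours access, access by accounts not on
    the active roster, and bulk access to many distinct patients in one window."""
    findings = []
    by_user = defaultdict(list)
    for r in rows:
        if r["ts"].hour not in BUSINESS_HOURS:
            findings.append(("after_hours", r["user"]))
        if r["user"] not in ACTIVE_ACCOUNTS:
            findings.append(("inactive_account", r["user"]))
        by_user[r["user"]].append(r)
    for user, events in by_user.items():
        events.sort(key=lambda e: e["ts"])
        for i, start in enumerate(events):   # sliding window from each event
            patients = {e["patient"] for e in events[i:]
                        if (e["ts"] - start["ts"]).total_seconds() <= window_s}
            if len(patients) >= bulk_threshold:
                findings.append(("bulk_access", user))
                break                         # one finding per user is enough
    return findings
```

Each finding is a starting point for review, not a verdict: a night-shift nurse or a legitimate records export will also trip these rules, which is why the audit should pair the log with the person's role and schedule.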

5. Use Two-Factor Authentication

In 2021, 56% of employers in the U.K. reported using two-factor authentication (2FA) as part of their cybersecurity strategy. 2FA requires workers to use multiple forms of identification, such as a code on their phone, before accessing secure data. This security measure adds an extra barrier for anyone trying to breach sensitive information.

6. Back Up Data

Coupled with data loss prevention (DLP) software, regular backups are a crucial component of good cybersecurity. DLP helps identify and prevent the unauthorized transmission of sensitive information, blocking attempts to send private data via email or instant messaging.


Backups help ensure patient information won’t be lost even during a data breach. Healthcare organizations should store their backups on a network segment isolated from the main one, so that an incident on the primary network cannot reach them.

7. Classify and Organize Data

Healthcare organizations should inventory all their information by tagging it according to sensitivity, location, and type. This practice allows people using the network to sort data into categories, letting them know which files to view and which to leave alone.


Additionally, it helps people identify suspicious or malicious files and keep them out of the system. Administrators can also establish policies detailing which data can leave the organization and which is classified. For example, are employees allowed to email files of medium sensitivity?

8. Create an Incident Response Plan

Healthcare providers should establish an incident response plan in case of an emergency. Responding to an insider threat should be repeatable, standardized, and applied in every incident.


To create the plan, organizations should first evaluate their resources and capabilities. They must define the program's purpose and identify any critical assets they're responsible for. It should be clear that everyone is responsible for monitoring and reporting suspicious activity.

A Strong Line of Defense

Healthcare has moved online. While that improves efficiency, it also opens the industry up to more security breaches, especially from negligent employees. Health organizations must establish broad visibility of their users, data, traffic, and applications to implement strong security controls. Doing so protects patient privacy and ensures smooth, efficient operations.