Thursday 13th January 2022

BLOG: Insider Threats In the Healthcare Sector

The healthcare sector should be one that threat actors and cybercriminals avoid rather than attack, but seemingly there are no exceptions when financial gain is at stake. The threat to healthcare organisations from increasingly sophisticated cyber adversaries continues to grow every day. Protecting the healthcare sector from insider threats extends further than just staying compliant with industry rules and regulations.

Quite often, organisations within the healthcare sector focus on external threats but fail to focus on internal threats. Nearly half (48%) of healthcare industry breaches begin with insider threats. The insider poses a threat because they have legitimate access to an organisation’s cybersecurity systems and networks; they do not have to go through the typical threat actor route of phishing or other nefarious techniques. The insider threat concept involves a wide range of employees, not just those with malicious intent.

Healthcare employees should regularly undergo employee cybersecurity training, as this will turn them into an effective first line of defence against various cyber risks, including insider threats. Just because the members of your team were oriented on data privacy and security-related topics during their first day on the job doesn’t mean you should be complacent. Cybersecurity risks continue to

35% of employees download, save, send, or otherwise exfiltrate work-related documents before leaving a job or after being dismissed. Many insider threats start with careless workers. These employees are rarely operating with malicious intent but can negligently avoid security and privacy procedures, which can lead to serious legal implications.

This can range from unknowingly clicking on a malicious link that compromises the network, or losing a work device containing sensitive data, to maliciously giving away access codes or purposely selling PHI/PII for profit. PHI is Protected Health Information: high-quality information related to health status or health care payment. In other words, PHI includes the medical payment history or records of a patient. PHI is more valuable than credit-card details or regular identification details on the black market.

It was reported that in 2018, US healthcare organisations paid $28 million in financial penalties to the Office for Civil Rights (OCR) in response to HIPAA violations. Careless workers are usually unaware that they’re committing breaches. Insider threats accounted for 24% of healthcare sector cyber threats in 2020.

Insider threats can be committed by anyone within the organisation, whether third-party contractors, permanent staff, temporary staff, etc. Insider threat actors are often pressured, enlisted, or persuaded into providing the organisation’s sensitive data to threat actors. To reduce or stop this risk, organisations can restrict file access to only authorised users or implement user activity monitoring to send alerts when suspicious activity is detected.

The next possible insider threat is irresponsible third parties. In January 2019 it was found that business associate breaches leaked over 100,000 patient records. Before working alongside third parties that can potentially compromise sensitive information, organisations should always do in-depth research into the business’s trustworthiness to establish a good level of rapport, alongside having a system that tracks suspicious network traffic, unusual activity, and remote access.

Insider threats can also come in the form of disgruntled ex-employees. Ex-employees who feel unfairly dismissed may choose to be malicious and take steps to steal sensitive data. Instances like this are one of the reasons that organisations need to protect themselves by restricting who has access to sensitive data.

Malicious insiders are one of the most difficult threats to detect, especially in the beginning stages. These actors typically have motivations independent of any external party; they can utilise their employee privileges to access private information for personal or financial gain. Malicious insiders are harder to detect and prevent because they already have established access to the organisation’s network and systems. There is also the increased use of applications that can leak data, such as social media or Dropbox.

Insider threats are not the only threat that the healthcare sector faces. The healthcare sector is vulnerable to the ever-evolving, sophisticated techniques of threat actors. It has been reported that 89% of healthcare organisations have experienced a data breach in the past two years. Ransomware attacks can seize systems and cause havoc by restricting access to crucial data, halting healthcare systems equipment, and even adding tumours into CT and MRI scans. To find out how Orpheus can help protect against cyber threats and more, click here.
