BLOG: Insider Threats In the Healthcare Sector

Inside threats in the healthcare sector

The healthcare sector should be a sector that threat actors and cybercriminals avoid and don’t seek to launch malicious attacks against, but seemingly, there are no exceptions when financial gain is at stake. The threat to healthcare organizations from increasingly sophisticated cyber adversaries is continuing to grow every day. Protecting the healthcare sector from insider threats extends further than just staying compliant with industry rules and regulations.

Quite often organizations within the healthcare sector focus on external threats but fail to focus on internal threats. nearly half (48%) of healthcare industry breaches begin with insider threats. The insider poses a threat because they have legitimate access to an organization’s cybersecurity systems and networks, they do not have to go through the typical threat actor route through phishing or other nefarious techniques. The insider threat concept involves a wide range of employees, not just those with malicious intent.

Healthcare employees should regularly undergo employee cybersecurity training, as this will turn them into an effective first line of defense against various cyber risks, including insider threats. Just because the members of your team were oriented on data privacy and security-related topics during their first day on the job doesn’t mean you should be complacent. Cybersecurity risks continue to

35% of employees download, save, send, or otherwise exfiltrate work-related documents before leaving a job or after being dismissed. Many insider threats start from careless workers. These employees are rarely operating with malicious intent but can negligently avoid security and privacy procedures which can lead to serious legal implications.

This can be unknowingly clicking on a malicious link that compromises the network or losing a work device containing sensitive data to those maliciously giving away access codes or purposely selling PHI/PII for profit. PHI is Protected Health Information, this is high-quality information related to health status or health care payment. In other words, PHI includes medical payment history or records of a patient. PHI is more valuable than credit-card details or regular identification details in a black market.

It was reported that in 2018, US healthcare organizations paid $28 million in financial penalties to the Office for Civil Rights (OCR) in response to HIPAA violations. Careless Workers are usually unaware that they’re committing breaches. Insider threats accounted for 24% of healthcare sector cyber threats in 2020.

Insider threats can be committed by anyone within the organization, whether it be third-party contractors, permanent staff, temporary staff, etc. Insider threat actors are often either pressured, enlisted or persuaded into providing the organization’s sensitive data to threat actors. To reduce or stop this risk, organizations can restrict file access to only authorized users or implement user activity monitoring to send alerts when suspicious activity is detected.

The next possible insider threat is irresponsible third parties. In January 2019 it was found that business associate breaches leaked over 100,000 patient records. Before working alongside third parties that can potentially compromise sensitive information, organizations should always do in-depth research into the business’s trustworthiness to establish a good level of rapport alongside having a system that tracks suspicious network traffic, unusual activity, and remote access.

Insider threats can also come in the form of disgruntled ex-employees. Ex-employees who feel unfairly dismissed may choose to be malicious and take the steps to steal sensitive data. Instances like this are one of the reasons that organizations need to protect themselves through restricting controls over who has access to sensitive data.

Malicious Insiders are one of the most difficult threats to detect, especially in the beginning stages. These actors typically have motivations outside of an external party, they can utilize their employee privileges to access private information for personal or financial gain. It is harder to detect and prevent malicious insiders as they already have established access to the organization’s network and systems, there is also the increased use of applications that can leak data such as social media or Dropbox.

Insider threats are not the only threat that the healthcare sector faces. The healthcare sector is vulnerable to the ever-evolving sophisticated techniques of threat actors. It has been reported that 89% of healthcare organizations have experienced a data breach in the past two years. Ransomware attacks can seize systems and cause havoc by restricting access to crucial data, halt healthcare systems equipment, and even add tumors into CT and MRI scans. To find out how Orpheus can help protect against cyber threats and more, click here.

SHARE ON

Share on linkedin
Share on facebook
Share on twitter

Get our latest cyber intelligence insights straight into your inbox every week