The HHS issued a warning April 20 about an increase in data breaches involving individuals within a healthcare organization, such as employees, contractors and business associates.
Here are six things to know:
- Insider threats include healthcare employees who abuse their access rights to steal patient data to commit identity theft and financial fraud.
- Other insider threats include employees who act inappropriately or those who accidentally put IT systems and data at risk without their knowledge.
- Negligent insiders contribute to 61 percent of insider threat incidents while those who purposely cause threats account for 14 percent of incidents.
- Negligent insider incidents can be caused by employees not being aware of security policies, which is often a training issue.
- To decrease those threats, employees should be made aware of the organization's security policies during the onboarding process and should be periodically reminded about those policies thereafter as part of regular security awareness training.
- Organizations lose $11.45 million annually as a result of insider threats.
The HHS recommends revising and updating cybersecurity policies and guidelines, limiting privileged access and establishing role-based access control to limit insider threats.