Maxim_Kazmin - Fotolia
Studies are finding that healthcare employees -- either by malicious intent or error -- are largely responsible for security breaches.
According to the 2018 Protected Health Information Data Breach Report (PHIDBR) from Verizon, 58% of healthcare security breaches are caused by insiders. The report noted that "healthcare is the only industry in which [employees and contractors] are the biggest threat to an organization." Another survey, the Accenture 2018 Healthcare Workforce Survey on Cybersecurity, found that 24% of employees are aware of someone within their organization selling access to private information. The report also noted that one in six employees either weren't aware their organization offered security awareness training or their organization offered no training.
These studies back up what security expert Mayank Choudhary sees happening with healthcare cybersecurity threats.
"We have seen a dramatic increase in [healthcare] cybersecurity threats, particularly threats posed by insiders with malicious and nonmalicious intent," said Choudhary, vice president of products at ObserveIT, an insider threat management software company.
"The actions of malicious insiders can be due to financial fraud, personal stress, sabotage or cyberespionage," he said. "It's the nonmalicious, human error insider threats that can be harder to detect and remediate. They are equally damaging and embarrassing for the company from a risk perspective, but also the potential impact to brand is quite high."
Ways to contain healthcare cybersecurity threats
Choudhary offered three ways that employee error can be curbed, leading to fewer healthcare cybersecurity threats becoming realized:
- Limit account privileges: "Organizations require access to information and availability of critical IT infrastructure to lead in the marketplace," Choudhary said, "and as a result user accounts ... are granted deep and wide access to critical applications and systems from day one." Such widespread access to information, he said, "raises the risk profile of the company from both internal and external threats such as ransomware." Choudhary suggested implementing the principle of least privilege, which means users have minimal privilege or access rights on computers and applications as a fundamental security control to help reduce the overall risk of the organization. Large institutions with a global workforce, Choudhary said, should implement least privilege controls like identity and access management and privileged access management. "For smaller companies," he said, "controls offered by Microsoft technologies as part of the Active Directory, native Windows or Mac OS and including the application frameworks from Office 365, also offer a good start."
Mayank Choudharyvice president of products, ObserveIT
- Filter content: Content filtering, one of the basic blocks for implementing perimeter-centric controls, Choudhary said, "enables security teams to filter what content is visible to their users over the internet, such as filtering hate-oriented websites or filtering spam emails or blocking objectionable content." Content filtering, he said, "also helps organizations drive business productivity by making sure knowledge workers are using their work time suitably; for example, not browsing social media websites." He noted that "almost all firewall vendors or web gateway vendors offer some kind of a content filtering technology."
- Encrypt devices: Encrypting content stored on devices "enables companies to defend against external malware attacks like ransomware by making the content not readable. This limits the hacker's ability to mine the data for financial reasons," Choudhary said. "Most of the available endpoint platform players that provide antivirus solutions, along with pure-play vendors, offer encryption capabilities that are the key line of defense in a layered security control strategy -- a must-have for the enterprise." However, he said, "companies often do not think about the need to have visibility into users and their interactions with systems and data as well. This is particularly important given users represent employees and third-party contractors with access to systems and data. Additionally, a user could copy encrypted content on his or her Gmail account by copy/pasting information, making visibility into copy-and-paste actions incredibly important."