As we know, insider threats affect both public and private organisations, and they are one of the biggest security challenges that the healthcare industry faces. In fact, a recent Forbes article indicated that 58% of healthcare systems breach attempts involve inside actors, which makes this the leading industry for insider threats today.
One of the most compelling insights is how quickly healthcare is becoming a digitally driven business with strong growth potential. However, what is holding its growth back is how porous healthcare digital security is. In addition, the sheer amount of confidential, sensitive and highly valuable information that these organisations possess makes it easy for a clumsy or a malicious insider to compromise security and potentially cause massive harm.
Forbes went on to say that around 66% of internal and external actors are abusing privileged access credentials to access databases and exfiltrate proprietary information.
Insider Threat Example
A former Dallas Hospital guard built a botnet, using the hospital network, to attack rival hacking groups. The individual was eventually caught after he filmed himself staging an “infiltration” of the hospital network and then posted it on YouTube for public viewing. The video clearly shows the individual using a specific key to “infiltrate” the hospital, which revealed his identity as Jesse McGraw, a night security guard of the building. The investigation revealed that McGraw had downloaded malware on dozens of machines, including nursing stations with patient records. Additionally, he installed a backdoor in the HVAC unit, which, if it had failed, would have caused damage to drugs and medicines and affected hospital patients during the hot Texas summer. McGraw pled guilty to computer tampering charges and is serving a 9-year sentence in addition to paying $31,000 in fines.
Overview of Insider Threats Within The Healthcare Sector
The CERT Insider Threat Centre (NITC) holds over 2,000 insider threat incidents, which are used as a foundation for its empirical research and for the analysis in this article. In total, CERT identified 88 malicious insider incidents mapped to 91 healthcare organisations that were directly victimised in the attack. Of the victim organisations, Health Networks make up the largest subsector. These are the networks of hospitals and medical centres that are dedicated to bringing healthcare to specific regions.
Interestingly, 20 victim organisations indirectly employed the insider in some sort of trusted business partner relationship or non-regular full-time employment (e.g. contractors).
As the chart below shows, fraud is the most frequent insider threat incident type, accounting for about 76% of all incidents. Within these fraud cases, we generally see individuals with access to patient payment records taking advantage of their access to customer/patient data to create fraudulent assets such as credit cards in order to make a profit.
Suggested Mitigation Strategies
Healthcare information security should be of the utmost importance to the organisation. Although identity theft is the most common misuse of patient data, patients can face severe, permanent consequences from medical record misuse, alteration, or destruction.
To better protect your healthcare organisation from insider threat incidents, here are some best practices that I suggest you adopt: