Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Insiders Cause 41% of Healthcare Breaches

September 13, 2017

The Protenus Breach Barometer Report: Mid-Year Review states that there have been 233 reported data breaches in the healthcare industry in the first half of 2017, and 41% of them have been caused by insiders. The report adds that breaches caused by insiders, either deliberately or accidentally, are less common than hacks (53%), but they affect more patient records and can go undetected for much longer.

Protenus breaks down insiders into two categories – insider error and insider wrongdoing (also known as malicious insiders). Insider error is the result of employees or contractors not being aware of their security obligations. Examples include misplacing or not properly securing files, e-mailing confidential information to someone outside the company, or creating software with security flaws.

Such breaches can be managed by revising security policies and educating staff on handling confidential information.

Insider wrongdoing is harder to defend against, as it is caused by employees with legitimate access to the information or former employees whose access hasn't been revoked. The threat of malicious insiders can be partially mitigated by implementing privilege access rights, but this isn't foolproof as most employees will need to be able to access some information, and there's almost no way to spot a potential insider threat 100% of the time.

Protenus says that breaches caused by insider wrongdoing led to many more exposed records than insider error (743,665 versus 423,000), but occur less frequently (36 incidents versus 57 incidents).

Health care breaches constitute 30% of all U.S. data breaches, coming in second only behind the business sector.

Bottom line: In 2016, we were looking at a trend one health data breach a day. In 2017, we're expected to have more than one a day. Oh joy . . .

E-mail: Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson

Sharon D. Nelson, Esq.
President

Subscribe in a Reader

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Ride the Lightning

Insiders Cause 41% of Healthcare Breaches

Subscribe for More!

Recent Posts

Listen to the Podcast

Disclaimer