How Healthcare Facilities Can Prevent “Inside” Breaches

The healthcare industry is heavily targeted by outsiders looking to profit from stolen personal information. Security efforts often focus on keeping hackers and other outsiders from accessing sensitive patient or financial information, but outsiders aren’t the only threat to a healthcare facility’s cybersecurity. In fact, the 2019 Protected Health Information Data Breach Report (PHIDBR) from Verizon found that 59 percent of healthcare systems breach attempts involve inside actors, which is 1 percent higher than last year’s report by Verizon and 6 percent higher than a similar report done in 2017.

Although insider breaches can in some cases be caused by simple human error, Verizon’s study points out that the majority of cases are intentional and driven by financial gain. Abuse of privileged and unprivileged access credentials and of physical access points to gain unauthorized access to information accounts for 82.9 percent of all misuse-based breach attempts and incidents. Insiders, whether they’re acting alone or in collaboration with others, know that the fastest and easiest way to achieve database access without being immediately detected is through legitimate credentials. Many systems don’t require additional verification for logging in, which allows even unprivileged users to access protected information using someone else’s login.

Stolen privileged access credentials make up 49.3 percent of all of the hacking attempts found in Verizon’s report. Healthcare insiders steal credentials to gain access to mainframes, servers, databases, and internal systems, typically looking for financial information that can be used for their own profit. More alarming still, research has been released showing that 18% of healthcare employees reported that they would be willing to sell privileged access credentials and confidential data to unauthorized parties for a trivial amount of money; some said they would do this for less than $1000.

Healthcare organizations need more than just strong passwords and increased cybersecurity efforts to avoid these threats. To prevent inside breaches, healthcare organizations have to add identity governance and administration (IGA) systems to their existing cybersecurity efforts. IGA systems help identify and manage tasks and access for users in a network and generally include elements like administration of accounts, passwords, access requests, access provisioning, and entitlement management. Additionally, IGA can help manage the lifecycle of a user’s identity, so that as users change positions or leave an organization, their access changes or is terminated completely. IGA systems can also generate reports that show what an individual user has accessed, changed, copied or deleted, so that if an insider breach did occur, it would be more easily identifiable.
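The lifecycle check described above can be sketched as a reconciliation between the HR roster and the accounts that are actually enabled. This is an added example, not code from the article or from any IGA product; the role names, usernames and entitlement strings are constructed for illustration.

```python
from datetime import date

# Constructed sample data: roles, users and entitlement names are hypothetical.
ROLE_ENTITLEMENTS = {
    "nurse": {"ehr:read", "ehr:write_notes"},
    "billing": {"billing:read", "billing:write"},
    "it_admin": {"ehr:admin", "db:admin"},
}
HR_ROSTER = {
    "asmith": {"role": "nurse", "end_date": None},
    "bjones": {"role": "billing", "end_date": None},               # moved from nursing
    "cdavis": {"role": "it_admin", "end_date": date(2024, 3, 1)},  # left the organization
}
ACCOUNTS = {
    "asmith": {"enabled": True, "entitlements": {"ehr:read", "ehr:write_notes"}},
    "bjones": {"enabled": True,
               "entitlements": {"billing:read", "billing:write", "ehr:write_notes"}},
    "cdavis": {"enabled": True, "entitlements": {"ehr:admin", "db:admin"}},
    "svc_old": {"enabled": True, "entitlements": {"db:admin"}},
}

def review_access(roster, accounts, role_map, today):
    """Return a sorted list of (user, finding, detail) for enabled accounts."""
    findings = []
    for user, acct in accounts.items():
        if not acct["enabled"]:
            continue
        person = roster.get(user)
        if person is None:
            # Enabled account that no HR record owns.
            findings.append((user, "orphaned_account", "no HR record"))
            continue
        end = person["end_date"]
        if end is not None and end <= today:
            # Leaver whose access was never terminated.
            findings.append((user, "leaver_still_active", f"ended {end.isoformat()}"))
            continue
        # Mover check: anything beyond the current role's entitlements is excess.
        excess = acct["entitlements"] - role_map.get(person["role"], set())
        if excess:
            findings.append((user, "excess_entitlement", ",".join(sorted(excess))))
    return sorted(findings)

def main():
    today = date(2024, 6, 1)  # fixed review date so the output is reproducible
    for user, finding, detail in review_access(HR_ROSTER, ACCOUNTS, ROLE_ENTITLEMENTS, today):
        print(f"{user:8} {finding:20} {detail}")

if __name__ == "__main__":
    main()
```

Each finding maps to a lifecycle action: disable the leaver and orphaned accounts, and remove the entitlement the mover kept from the previous role.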

The healthcare information security gap continues to widen as the insider threat grows each year. Through increased cybersecurity efforts that target both outside and inside threats, as well as cyber risk services that are tailored to the healthcare industry, healthcare organizations can help protect themselves from the financial havoc that can occur following a data breach.

About Connected Risk Solutions

At Connected Risk Solutions, we use our expertise and experience to provide insurance information and programs to those who serve long-term care and senior living facilities. Since 2007, we’ve been offering insurance and risk management plans designed to help our agents give their clients the ability to achieve continued growth while simultaneously protecting against loss, containing costs and increasing profitability. To learn more, contact us at (877) 890-9301.
