December 13, 2018 by Michelle O'Neill, MSJ, CHP

Insider threats: Healthcare privacy and security

For Compliance Today: “Copyright 2018 Compliance Today, a publication of the Health Care Compliance Association (HCCA).”
By Michelle O'Neill, MSJ, CHP, National Director, Corporate Compliance and Privacy Officer at Summit Health Management

In the privacy and security world of healthcare, data breaches are the number one threat. The impact of a data breach is felt throughout the entire organization and, many times, directly affects the patients of the organization. A phrase most often used when it comes to data breaches is, “It’s not if, but when.” As much as organizations do not want to face that reality, this isn’t so far from the truth.

Although data breaches can be felt across all organizations, healthcare is at the top of the list. Most likely, this is because the value of the medical record is significantly higher than the value of any other data. Why are medical records more valuable to cyberthieves? Because they are harder to change or freeze. The other factor revolves around the reality that healthcare generally spends less on ensuring the privacy and security of this valuable information, making it an easier target as well.

The scariest factor in all of this is, the healthcare industry is the only industry where the threat from the inside is greater than the threat from the outside.1 Verizon’s 2018 Data Breach Report revealed that 56% of attacks are from internal sources (insiders). The report further detailed that human error is a major contributor, in addition to abuse of system access, but there is also the malicious component. It is very important to understand the types of insider threats, the causes and dangers of insider threats, and how to fight back and protect against these threats.

To read the full article, click here