Preventing Insider Threats

No one likes to think about it, but malicious attacks by an insider and other insider threats are the cause of a significant number of healthcare data breaches. They can come from a disgruntled employee, a recently terminated member of the staff, or even someone who is being bribed to provide patient information. While they may be some of the hardest attacks to guard against, they are preventable. Here are a few steps to keep in mind:

  • Screen New Hires:  One of the best prevention methods is to not hire someone who turns out to be a malicious employee in the first place.  You may consider completing a background check on all new hires and even periodic checks on current staff members.  While not an exact science, it may help to identify potential bad actors before they cause any damage;

  • Terminate Employees Immediately:  Often when employees leave an organization there can be hard feelings, which can lead to irrational decisions.  To help guard against this, you should terminate all access to PHI immediately upon the employee leaving the organization.  Any delay in terminating access can leave you susceptible to the whims of a disgruntled former employee;

  • Perform Regular Access Audits:  Having a process in place to review logs of who within your organization is accessing PHI and what they are accessing can be a helpful tool in spotting a snooping employee. To truly be effective, the logs need to be reviewed on a consistent basis to identify an employee who is accessing PHI unnecessarily or to pick up suspicious patterns of access; and

  • Train Staff on Sanctions:  Training should include information that outlines the sanctions that can be imposed (both by you, the employer, and the authorities) for malicious actions involving the access or disclosure of PHI.

Admittedly, guarding against insider threats is a challenge, but it is possible. If you implement reasonable protections, then you can prevent or stop nefarious actions by your staff.
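The access-termination and access-audit steps above lend themselves to an automated first pass before a human reviews the logs. The following is an added example, not part of the original article: it scans a constructed audit log for access after an employee's termination, records opened without a documented work reason, and unusually broad access in one day. The log format, the HR and care-team mappings, and the threshold are all assumptions.

```python
import csv
from collections import defaultdict
from datetime import datetime

# Constructed sample audit log: timestamp, user, patient record accessed.
ACCESS_LOG = """\
2024-03-04T09:10:00,alice,P001
2024-03-04T09:40:00,alice,P002
2024-03-04T10:05:00,bob,P003
2024-03-05T08:30:00,bob,P003
2024-03-05T11:00:00,carol,P001
2024-03-05T11:02:00,carol,P002
2024-03-05T11:03:00,carol,P003
2024-03-05T11:05:00,carol,P004
"""
# Assumed HR feed: when each departed user's employment ended.
TERMINATED = {"bob": datetime(2024, 3, 4, 17, 0)}
# Assumed care-team mapping: records each user has a work reason to open.
ASSIGNED = {"alice": {"P001", "P002"}, "bob": {"P003"}, "carol": {"P001"}}
MAX_PATIENTS_PER_DAY = 3  # assumed threshold; tune to the role's normal workload


def audit(log_text, terminated, assigned, max_per_day):
    """Return sorted (user, reason, detail) findings for a reviewer to follow up."""
    findings = set()
    per_day = defaultdict(set)  # (user, date) -> distinct patients opened
    for ts, user, patient in csv.reader(log_text.splitlines()):
        when = datetime.fromisoformat(ts)
        # Access that should have been revoked when the employee left.
        if user in terminated and when > terminated[user]:
            findings.add((user, "access-after-termination", ts))
        # Record opened with no documented work reason (possible snooping).
        if patient not in assigned.get(user, set()):
            findings.add((user, "unassigned-record", patient))
        per_day[(user, when.date())].add(patient)
    # Unusually broad access in a single day.
    for (user, day), patients in per_day.items():
        if len(patients) > max_per_day:
            findings.add((user, "high-volume", f"{day}:{len(patients)}"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(ACCESS_LOG, TERMINATED, ASSIGNED, MAX_PATIENTS_PER_DAY):
        print(*finding, sep="\t")
```

Findings are leads for a reviewer, not conclusions: each one still needs a check against the employee's actual duties on that day.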


