HHS Warns of Insider Threats in the Healthcare Sector | Healthcare Innovation

On April 21, the Department of Health and Human Services (HHS) issued a warning regarding insider threats when it comes to healthcare and the public health (HPH) sector. “An insider threat in the HPH Sector is potentially a person within a healthcare organization, or a contractor, who has access to assets or inside information concerning the organization’s security practices, data, and computer systems,” the warning says. “The person could use this information in a way that negatively impacts the organization.”

Insider threats within an organization include:

The warning adds that, “While most companies invest more money on insider threats with malicious intent, negligent insider threats are more common.” According to Ponemon’s ‘2020 Insider Threats Report,’ 61 percent of data breaches involving an insider are primarily unintentional, caused by negligent insiders.

The warning adds that malicious insiders are individuals that have a grievance against a company and act on it. More money is allocated to protect against these types of threats, studies have shown that they pose less of a threat to organizations than insider threats.

“It is important to mention that there are different studies on this with varied metrics,” the warning adds. “According to the Ponemon Institute’s ‘2020 Insider Threats Report:’

According to the warning, inside agents work on behalf of an external group to compromise an organization’s network and carry out data breaches or other attacks. Additionally, “disgruntled employees” pose significant risk because of their access to an organization’s systems and are considered “emotional threat actors.” Third parties are also a type of insider threats, 94 percent of organizations give third parties access to their systems and in 72 percent of case studies, third-party vendors had advanced permissions on said systems.

As what organizations can do to prevent insider threats, some criteria include: