05 September 2018

Healthcare systems breaches by corporate insiders top the list

Warning for general counsel at healthcare firms: your insiders are the chief source of threat as industry has the highest threat level.


Inside actors are responsible for 58% of healthcare systems breach attempts, making the industry the leading source of insider threats according to Verizon’s 2018 Protected Health Information Data Breach Report (PHIDBR). Most healthcare breaches are motivated by financial gain, with healthcare workers most often using patient data to commit tax return and credit fraud.

Healthcare insiders

Verizon found 876 total breach incidents initiated by healthcare insiders in 2017, leading all categories. External actors initiated 523 breach incidents, while partners initiated 109 breach incidents. 496 of all breach attempts are motivated by financial gain across internal, external and partner actors. Internal actors are known for attempting breaches for fun and curiosity-driven by interest in celebrities’ health histories that are accessible from the systems they use daily. When internal actors are collaborating with external actors and partners for financial gain and accessing confidential health records of patients, it’s time for healthcare providers to take a more aggressive stance on securing patient records with a Zero Trust approach. Ransomware tops the malicious code categories, responsible for 70% of breach attempt incidents. Stealing laptops from medical professionals’ cars to obtain privileged access credentials to gain access and install malware on healthcare networks, exfiltrate valuable data or sabotage systems and applications are all common breach strategies.

Better security needed

The report concludes that with the same intensity they invest in returning patients to health, healthcare providers need to strengthen their digital security, and Zero Trust Security is the best place to start. ZTS begins with Next-Gen Access by not trusting a single device, login attempt, or privileged access credential for every attack surface protected. Every device’s login attempt, resource request, and access credentials are verified through NGA, thwarting the rampant misuse and hacking based on comprised privileged access credentials. The bottom line is, it’s time for healthcare providers to get in better security shape by adopting a Zero Trust approach.

Email your news and story ideas to: news@globallegalpost.com