If you were at HIMSS this past year, you would have noticed that many of the information security presentations focused on keeping outsiders out of the IT infrastructure. The looming questions that were not asked, however, include: what do you do once someone with malicious intent gets inside? What if the threat originated from an insider? And how would you mitigate insider risks beyond awareness and training? It turns out these issues are on the minds of many healthcare providers, according to a new study conducted by HIMSS and SailPoint. The findings come from a survey of 100 healthcare IT professionals in roles ranging from individual contributors to executives.
What did HIMSS find? Here are a few key takeaways:
- Hospitals and health systems share widespread concern regarding cybersecurity risks from insiders.
- Provider organizations generally feel insider threats to be of equal or greater concern than intrusions from external parties.
- Healthcare professionals widely consider monitoring and analyzing user access behavior to be critical but, in general, have not moved past directory group membership to secure data stored in files.
The survey produced other data as well, including feedback that indicates growing concern about addressing risks from insiders. You can view the report and register for a live webinar on June 27 regarding the findings here.
Who are the Insiders?
It’s not just your traditional FTEs. Today, provider organizations must look at insiders through the lens of access, rather than employment status. This becomes a bigger challenge in a complex ecosystem where non-employed staff, vendors, partners and even volunteers may have varying levels of access to systems, applications and data stored in files.
Why Insiders Do What They Do
There are three primary reasons why a leak or breach occurs:
- Accidental – Unauthorized exposure of sensitive information is often the result of users lacking awareness of processes or best practices.
- Negligence – There are also users who knowingly disregard established policies due to negligence. Their reasons may vary, but their intent is not malicious.
- Malicious – These users intentionally expose sensitive data for various reasons, whether for financial gain, espionage or something else.
Regardless, the insider threat is not something that can be ignored. And here’s why.
- Insider threats can go undetected for long periods – The longer it takes to detect a breach or a leak, the higher the remediation costs.
- It is hard to distinguish harmful actions from regular work – When an employee is working with sensitive data, it is almost impossible to know whether they are doing something malicious or not.
- It’s hard to detect malicious actions while they are happening – It’s hard even to detect a breach after it has happened, because of the ease with which employees can cover their actions.
Given these challenges, how does a healthcare provider organization effectively address the insider threat? We invite you to register for the live webinar on June 27, co-presented by HIMSS and SailPoint.