HHS defines an “Insider threat in the Healthcare and Public Health (HPH) Sector” as “a person within a healthcare organization, or a contractor, who has access to assets or inside information concerning the organization’s security practices, data, and computer systems, [who] could use this information in a way that negatively impacts the organization.” Insider threats can cause data breaches. The subject of insider data breaches is discussed below.
There’s Negligence Inside: HHS Warns of Increases in Insider Data Breaches
As HHS notes, there are several types of insider threats:
- Careless or negligent workers
- Malicious insiders
- Inside agents
- Disgruntled employees
There is a mismatch between the amount of money healthcare organizations spend to prevent data breaches from each group and the amount of harm each group causes. Most companies spend more money on insider threats from actors with malicious intent than they do on insider threats caused by someone acting negligently.
This focus might be misplaced. According to Ponemon’s 2020 Insider Threats Report, 61% of insider data breaches are unintentional, caused by negligent insiders.