Insider Breach: What Happened
Upon discovery of the insider breach, Geisinger launched an investigation into the incident. The investigation found that an employee who had access to view protected health information (PHI) was accessing patient records for purposes other than performing their daily job responsibilities. The information potentially accessed included patient names, dates of birth, medical record numbers, dates of service, Social Security numbers, addresses, phone numbers, medical conditions, diagnoses, medications, treatment information, and other clinical notes. The employee in question has since been fired.
Although it appears that the 700 patient records were accessed without malicious intent, Geisinger is offering affected patients one year of identity theft protection.
“At Geisinger, protecting our patients’ and members’ privacy is of the utmost importance and we are constantly working on safeguards and protocols to identify incidents such as these so we can prevent such occurrences in the future. Our investigation leads us to believe that this information was not accessed to commit financial fraud or harm; however, out of an abundance of caution we are providing affected patients one year of identity theft protection free of charge,” stated Jonathan Friesen, Geisinger Chief Privacy Officer.
Study Reveals the Majority of Healthcare Breaches are the Result of an Insider Breach
A study conducted by Verizon found that a staggering number of healthcare breaches are the result of an insider breach, with medical data 18 times more likely to be compromised than other data. The 2020 breach report found that of the 466 cybersecurity breaches that occurred in healthcare last year, 59% were the result of an insider breach. While most of these incidents were financially motivated, 6% were for fun, 3% were out of convenience, 3% were due to a grudge, and 2% were for espionage.
Researchers also found that 81% of insider breaches were due to miscellaneous errors, privilege misuse, and web applications. Other incidents occur in healthcare as a result of hackers using stolen login credentials, mostly obtained in phishing attacks, to access email and servers.
“Effectively monitoring and flagging unusual and/or inappropriate access to data that is not necessary for valid business use or required for patient care is a matter of real concern for this vertical. Across all industries, internal actor breaches have been more difficult to detect, more often taking years to detect than do those breaches involving external actors,” the report said.