Healthcare Data Breaches and Insider Threats: Lessons for Businesses

Medical privacy is critically important to most people, which means that data protection is an extremely serious issue in the healthcare industry. And yet, there are numerous examples of data breaches in the healthcare industry, and even more worrying, it’s the industry most likely affected by insider threats. That means that the data breaches are coming from inside the organization, not outside of it. Take a look at some of the things you should know about data breaches in the healthcare industry and what other businesses can learn from their example.

How Do Insider Threats Occur in Healthcare?

Although patient privacy should be paramount, insider threats to healthcare data are distressingly common.

Despite the fact that the healthcare industry is one of the most obvious examples of an industry that should be highly protective of its data, many breaches come from people actually working in the industry. How does this happen? There are several scenarios.

• Poor Training: Despite the importance of medical privacy to patients, employees in the healthcare industry are not necessarily trained as well as they should be on privacy laws, or on the electronic systems used to store patient data. Often, problems occur when organizations are transitioning from paper records to digital records.
• Carelessness: Even well-meaning and well-trained employees can make careless mistakes, such as emailing information to the wrong email address, downloading files to insecure personal devices, or sharing login information with a coworker for convenience’s sake.
• Targeted Attacks: Outside attackers will sometimes seek to obtain information by targeting insiders with tactics like phishing scams. Employees may fail to recognize these tactics and take measures to protect their organization’s data.
• Malicious Motives: As in every industry, disgruntled employees may take actions to sabotage their employers, such as compromising sensitive data. Additional, healthcare workers may have motivations for breaching data that have nothing to do with their employers. For example, a healthcare worker may access confidential medical information about a celebrity in order to sell it, or seek out and share information concerning friends, family members, or personal acquaintances.

What Other Businesses Can Learn

Healthcare organizations and others can take concrete steps to protect sensitive data.

While the healthcare industry is unique in many ways, most of the insider threats to healthcare data can also be threats to other industries as well. Employees may be poorly trained, careless, or targeted for attacks by outsiders in any industry. Every industry also deals with disgruntled workers and with people who may be motivated by other factors to breach confidentiality.

Comprehensive security training is vital for employees with any level of access to confidential material. Even after employees are trained, it can be helpful to refresh training every so often. Be sure to include training to help insiders learn to recognize targeted outside attacks. Businesses should also enact smart policies to help prevent careless mistakes. For example, disallowing employees from using personal devices for work-related tasks and vice versa, and enforcing that policy, can help prevent data breaches.

Employee monitoring software can help by alerting you to irregularities that may occur due to mistakes and malicious insider attacks, as well as outsider attacks. For more information about how employee monitoring software can keep your data secure, take an online test drive.