Insider Threat: Most Healthcare Data Breaches Caused by Employees

Healthcare’s adoption of information technology has certainly seemed slower than that of other industries, and perhaps for good reason. Our health is especially private and personal. Still, there are benefits of the tech revolution that no organization would want to pass up: easy file sharing, boundless data storage and improved methods of communication.


But while technology and adoption are evolving rapidly, there is another factor lagging behind — human employees. Research shows that most breaches are caused by employee negligence, and healthcare is no exception.


Below we will look at the threats healthcare breaches pose to your organization and what employee education can do to keep these leaks to a minimum.


Ill Prepared

According to CSO, the biggest risk to digitized personal health information (PHI) and the biggest source of healthcare breaches is not a cyberattack, it’s human error! In fact, 81 percent of incidents are rooted in employee negligence, primarily arising from employees’ unprotected administrative credentials (usernames and passwords), but also from lost or stolen devices and weak firewall protections.


Verizon conducted a study of its own. After examining security events for 166 healthcare providers, Verizon reported that 115 were confirmed healthcare data breaches, the majority of which were caused by some form of human error.


In a press release, Verizon Enterprise Solutions Executive Bryan Sartin said, “You might say our findings boil down to one common theme -- the human element. Despite advances in information security research and cyber detection solutions and tools, we continue to see many of the same errors we've known about for more than a decade now.”


If data breaches are such a problem for the healthcare industry, why aren’t employees and organizations doing more to defend themselves? To be fair, health organizations are spending more money on cybersecurity than ever before: 76 percent of global healthcare organizations will increase information security spending in 2017. Nevertheless, the human factor is still the weakest link in the chain.


Just What the Doctor Ordered

While there is no cure or immunization for employee negligence, there are steps you can take to protect your organization from the harmful effects of a data breach.


  • Regularly host employee education sessions to stress the importance of cybersecurity, address developing risks and generally refresh everyone’s memories.


  • Develop better sign-in credentials and passphrases to protect yourself from digital incursion and brute-force attacks.


  • Keep devices safe from prying eyes and greedy hands. Ensure all devices are secured with a passcode or PIN. Consider physically locking up in-office devices when not in use.


  • Create a Plan B in case devices are stolen or lost. This could include a ‘find my device’ tracking application or a remote memory wipe.


  • Only work from secure connections and behind corporate firewalls. This will hinder hackers trying to capture data in transit or monitor employee actions online.


  • Invest in cybersecurity insurance from a reputable provider. For just pennies a day, CyberPolicy offers a robust data breach insurance policy to insulate your business against the most damaging effects of employee laxity and cybercrime.


Interested in learning more? See what we can do for your healthcare organization today! And check out small business insurance policies from CoverHound while you’re at it.
