Preventing Threats Inside Your Organization



Last week, the HHS’ Health Sector Cybersecurity Coordination Center (HC3) released this brief on insider threats in healthcare and how these risks should be addressed.

Insiders can pose a significant threat to the security and privacy of protected information, whether through carelessness, lack of training, or with malicious intent. According to HC3’s brief, insider threats could include:

  • Careless or negligent workers
  • Malicious insiders
  • Inside agents
  • Disgruntled employees
  • Third parties

Most insider breaches are accidental, although HC3 reports that “most companies invest more money on insider threats with malicious intent."

Negligent Insiders

According to a 2020 Ponemon Institute report, 61 percent of data breaches involving an insider were largely unintentional and could be attributed to negligence. Perhaps the biggest contributing factor to this statistic is the lack of policy awareness and training in many healthcare organizations. The researchers found that 27% of employees viewed their organization’s policies less than once a year, and 39% were trained on security awareness less than once a year. Although the risk of a breach through human error cannot be completely removed, healthcare organizations that have adopted regular, effective training have placed themselves in a much safer position than those that have not.

Malicious Insiders

Malicious insiders are defined as “insiders that have a grievance against a company and choose to act on it.” Similar to disgruntled employees or inside agents, these people use their access to systems and information to cause harm to their organization. In 2021, 80% of these intentional “privilege misuse” cases were financially motivated. These types of cases are much less common than cases of negligence, but organizations should still have appropriate protections in place to prevent them.

Third Parties

Finally, third party vendors with access to sensitive data can cause security breaches. The risk of this type of breach is high, as “94% of organizations give third parties access to their systems.” This is why we stress the importance of regularly updated Business Associate agreements, and vendor risk assessments.


Some of the most common types of damage caused by insider threats include critical data loss, operational outage or disruption, and brand damage. Mismanaged access and incomplete Bring Your Own Device policies can open the door for insiders to cause this kind of harm.

Steps to Prevent Insider Breaches

If you want to learn how to spot suspicious actors within your organization, you can read about that in the full brief. For now, here are the ways HC3 recommends that healthcare organizations prevent insider breaches:

  • Revise and update cybersecurity policies and guidelines
  • Limit privileged access and establish role-based access control
  • Implement the zero-trust and MFA models
  • Back up data and deploy data loss prevention tools
  • Manage USB devices across the corporate network


If you have further questions on this topic, or want to learn more about risk management in healthcare, feel free to contact your team at Medcurity.