Week 11
Healthcare data breaches ‘mostly caused by insiders’
Healthcare data is not as securely protected as data in other industries, so it is very easy for hackers to take advantage of this. Healthcare involves a lot of information, and for companies able to sell that information, it can be a very profitable business.
It seems that most of the privacy violations are actually committed by insiders. Some are done purposely because people have access to this information. For example, it always drives me crazy when I order Chinese food and they demand my credit card information for delivery orders over the phone. That is not very secure. Who knows what the employees are doing with it?
Then, there are employees who accidentally compromise personal information. Therefore, companies “should also understand their individual cyber security responsibilities, be aware of the consequences of negligent or malicious actions, and work with other stakeholders to identify ways to work in a safe and secure manner” (Brenner, 2017). Outsider threats are not the only risk when it comes to information security. Insider threats can be a problem, as well.
So, in order to prevent problems like this, the article recommends that you know your risk, follow best practice, have a tried and tested incident response plan, identify and safeguard your sensitive data, and educate employees (Brenner, 2017). Educating employees is one of the recommended best practices (Cappelli, Moore, Shimeall, & Trzeciak, 2009, p. 39). You should always educate your employees on how to protect themselves from both insider and outsider threats.
However, although HIPAA exists, it does not seem the health care industry is being as diligent as it should be, even though information security is incredibly important in this field as well.
References
Brenner, B. (2017, February 23). Healthcare data breaches ‘mostly caused by insiders’. Retrieved February 26, 2017, from Naked Security: https://nakedsecurity.sophos.com/2017/02/23/healthcare-data-breaches-mostly-caused-by-insiders/
Cappelli, D., Moore, A., Shimeall, T. J., & Trzeciak, R. (2009, January). Common Sense Guide to Prevention and Detection of Insider Threats 3rd Edition – Version 3.1. Retrieved February 24, 2017, from Cyberactive – CIS608-T301: https://cyberactive.bellevue.edu/bbcswebdav/pid-8473720-dt-content-rid-14015425_2/courses/CIS608-T301_2173_1/cert_common_sense_guide_to_prevention_and_detection_of_insider_threats.pdf