While ransomware and cyber attacks are increasing, there is also another aspect of privacy and security that healthcare organizations should be aware of: insider threats. Whether malicious or accidental, breaches caused by insiders are associated with the amount of access employees have to sensitive data and a lack of proactive monitoring.
Statistics relating to insider threats include:
- 57% of covered entities and 59% of business associates experienced a data breach with internal root causes.
- OCR has issued settlements stemming from insider breaches, including a monetary settlement of $1.7 million.
- While training can be the key to reducing the threats posed by insiders, only 31% of respondents rate the effectiveness of their security training and awareness activities as “very good” or “excellent”, and 43% of organizations only offer one basic security training course for all employees.
