Insider Threats

June 20, 2016 CynergisTek, Inc.

While ransomware and cyber attacks are increasing, healthcare organizations should also be aware of another aspect of privacy and security: insider threats. Whether malicious or accidental, breaches caused by insiders are associated with the amount of access employees have to sensitive data and a lack of proactive monitoring.

Statistics relating to insider threats include:

  • 57% of covered entities and 59% of business associates experienced a data breach with internal root causes.
  • OCR has issued settlements stemming from insider breaches, including a monetary settlement of $1.7 million.
  • While training can be the key to reducing the threats posed by insiders, only 31% of respondents rate the effectiveness of their security training and awareness activities as “very good” or “excellent”, and 43% of organizations offer only one basic security training course for all employees.

About the Author

CynergisTek, Inc.

CynergisTek is a top-ranked cybersecurity consulting firm dedicated to serving the information assurance needs of healthcare. CynergisTek offers specialized services and solutions to help organizations achieve privacy, security, and compliance goals. The company has been recognized by KLAS in the 2016 and 2018 Cybersecurity reports as a top performing firm in healthcare cybersecurity, as well as the 2017 Best in KLAS winner for Cybersecurity Advisory Services.
