by Lauren Dubinsky
, Senior Reporter | April 22, 2015
The majority — 92 percent — of health information technology decision makers believe that their organizations are somewhat or more vulnerable to insider threats and 49 percent feel extremely vulnerable, according to the 2015 Vormetric Insider Threat Report.
Furthermore, 62 percent of the decision makers reported that people who have access to all resources available from systems they manage as the most dangerous insider threat and partners with internal access and contractors were the second and third most dangerous.
DOTmed News had the opportunity to speak with Alan Kessler, CEO of Vormetric, about why these decision makers feel so vulnerable and what they can do to prevent insider threats at their organizations.
DOTmed News: Why is health care data so valuable?
Through our steadfast commitment to product innovation, we have developed MagnaGuard™ a revolutionary magnetic closure system that eliminates the need for Velcro and allows you to properly clean & disinfect your Protective X-ray Apparel. (800) 353-4350
Health care data has become one of the most desirable commodities for sale on “black” Internet sites because it typically contains enough detail to not only apply for credit cards or loans, but can also be used to generate large sums from fraudulent medical charges, or even to compromise patients’ existing financial accounts. As a result, stolen health care records command a large premium versus more mundane stolen information, such as credit card data.
DOTmed News: Why do the majority of HIT decision makers feel vulnerable to insider threats?
The health care environment has grown more complex as the amount of data being exchanged has increased and the market itself broadened. Now included in the wider insider threat problem set are privileged users who manage IT infrastructure and have full access to the data on the systems that they manage.
[Those include] employees such as doctors, nurses, billing departments, administrators and other skilled health professionals, service providers and contractors with access to enterprise networks, such as IT, HVAC and SaaS providers and health care-specific organizations, such as postsecondary care facilities and insurance companies. Other threats are criminals who compromise any of these accounts.
Just as important of a contributor to this sentiment is the high rate of data breaches and compliance audit failures being reported. According to our report, 48 percent of U.S. health care organizations reported either encountering a data breach or failing a compliance audit in the last year.
Additionally, decision makers are also well aware that compromised health care data can lead to longer-term problems for individuals later on down the line. Identity theft can destroy credit results, and the exposure of private information can be very damaging to an individual’s reputation. Understanding the gravity of potential damage can further fuel fear.