By Isaac Kohen
HIPAA (Health Insurance Portability and Accountability Act) has been a long-standing standard for data privacy and security.
However, a threat is brewing that puts companies maintaining HIPAA-related data at risk. This threat lies outside of HIPAA’s grasp and sits inside healthcare organizations.

HIPAA’s regulations traditionally apply to external threats, which makes them ineffective against this evolving threat because it is internal. This leaves healthcare organizations hurrying to address the human factor-based threat.
The human factor is unpredictable and a key factor in insider threats. IBM stated in 2014 that human error is a contributing factor to 95% of data security events. For most healthcare entities, experiencing an insider attack equates to a data breach or HIPAA violation.
Insider threats can impact the financial bottom line. The Ponemon Institute’s 2018 Cost of Insider Threats: Global Organizations report concluded the following:
While the mean cost of an insider threat is $8.7 million, the survey tallied the maximum cost at nearly $26.5 million. The minimum cost, meanwhile, is still significant at $489,100. Can your business sustain a financial blow due to insider threats? On top of these costs, add the HIPAA monetary fines.
The insider threat is wreaking havoc on healthcare data sets; this will continue as trends and inside threats evolve. Sensitive electronic personal health information (EPHI), computerized physician order entry (CPOE), and electronic health records (EHR) are at risk of being stolen and exploited.
HIPAA Journal shares that, “according to the CERT Insider Threat Center, insider breaches are twice as costly and damaging as external threats. To make matters worse, 75% of insider threats go unnoticed.” As threats go unnoticed, an organization keeps inputting, transferring and maintaining more EPHI (electronic protected health information). The organization is oblivious to its vulnerable state, which allows data to be stolen and exposed and the insider to continue their exploitation.
The uptick in insider threat attacks is largely related to the value of the data, the potential profit and the sheer volume of health-related data. It’s common knowledge among criminals that more health records and sensitive health-related data are now in a digital format.
Citrix Chief Security Strategist Kurt Roemer explains: “There's a lot of data that winds up on end points, a lot of data that's very distributed. You have a lot of healthcare professionals that are contractors and other third parties and operate as independents and maybe work for multiple facilities. Patient care must also be swift, so sometimes security measures are dialed down or updates are delayed, so they do not interfere with patient care. Unfortunately, that sets up a perfect storm for healthcare ransomware.”