
Insider threats, with negligence or malice, can hurt health care cybersecurity


Federal agency outlines risks, behavioral indicators of disgruntled workers.


Whether by mistake or with malice, people within health care organizations can become threats to cybersecurity.

The U.S. Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) published “Insider Threats in Healthcare.” The threat brief did not describe a specific security risk, cyberattack or health care system.

Rather, HC3 offered guidance on insider threats: people or contractors with access to assets or information about security practices, data and computer systems.

“The person could use this information in a way that negatively impacts the organization,” through fraud, data theft or system sabotage, the report said.

Employee access

HC3 cited “alarming results” from the 2021 Healthcare Data Risk Report from New York-based cybersecurity consulting firm Varonis.

That company sampled 3 billion files from 58 companies and found:

  • Every employee had access to 20% of all files.
  • 31,000 sensitive healthcare files were open to everyone.
  • 77% of companies had 500 or more accounts with passwords that do not expire.


Threats may come from careless, negligent workers, malicious or disgruntled employees or third parties.

Negligent insider threats are more common than outside attacks with malicious intent and “unintentional insider threats pose a major risk to the health sector,” according to HC3.

Examples include an employee leaving unattended an unencrypted mobile device or laptop computer with sensitive data. Remote workers could create risks by having Amazon Echo and Alexa devices on during meetings.

Malicious insiders are people within an organization who have a grievance and choose to act on it. They could become inside agents, working on behalf of an external group “to compromise an organization’s network and carry out a data breach or other attack.”

“This is dangerous because it provides an outside group with the access and privileges of an insider,” the report said.

Disgruntled employees can be significant threats because of access to systems and because in some cases they feel as if they are owed something, the report said.

Among all organizations, 94% give third parties access to their computer systems and in 72% of case studies, third-party vendors were provided elevated permissions, according to HC3, citing the Varonis study.

What to look for

Behavioral indicators of potential insider threats could include unprofessional behavior, bullying other employees, personality conflicts and misuse of travel, time or expenses.

Indicators of IT sabotage could be creating backdoor accounts, changing passwords to limit access to data, disabling system logs, installing remote network administration tools or malware, and accessing systems or computers of other workers.

Massive downloading of corporate data, sending data or email attachments to noncorporate addresses, extensive use of corporate printers, and remotely accessing organization servers during nonworking hours could all indicate data theft, according to HC3.
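
As an added illustration (not from the HC3 brief or the article), the Python sketch below checks a constructed activity log for three of the data-theft indicators listed above: bulk downloads, attachments sent to noncorporate addresses, and remote access outside working hours. The log format, the domain `clinic.example`, the 500 MB daily limit, the 07:00-19:00 weekday working hours and the host and user names are all assumptions chosen for the example.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Assumptions for this sketch, not values from the HC3 brief.
CORPORATE_DOMAINS = {"clinic.example"}
WORK_HOURS = range(7, 19)              # 07:00-18:59, Monday to Friday
DAILY_DOWNLOAD_LIMIT = 500 * 1024**2   # bytes per user per day

# Constructed sample events: time,user,action,target,bytes
SAMPLE_LOG = """\
2024-03-04T10:15:00,asmith,download,fileserver,20971520
2024-03-04T11:02:00,asmith,email_attachment,colleague@clinic.example,1048576
2024-03-04T14:30:00,bjones,download,fileserver,314572800
2024-03-04T15:10:00,bjones,download,fileserver,419430400
2024-03-04T16:45:00,bjones,email_attachment,bjones@mail.example,5242880
2024-03-05T02:12:00,bjones,remote_login,ehr-db01,0
2024-03-05T09:00:00,cwu,remote_login,ehr-db01,0
"""

def find_indicators(log_text):
    """Return a sorted list of (user, indicator) pairs found in the log."""
    findings = set()
    downloaded = defaultdict(int)  # (user, date) -> total bytes downloaded
    for ts, user, action, target, size in csv.reader(io.StringIO(log_text)):
        when = datetime.fromisoformat(ts)
        if action == "download":
            downloaded[(user, when.date())] += int(size)
        elif action == "email_attachment":
            # Compare the recipient's domain with the corporate allow-list.
            domain = target.rsplit("@", 1)[-1].lower()
            if domain not in CORPORATE_DOMAINS:
                findings.add((user, "attachment_to_noncorporate_address"))
        elif action == "remote_login":
            # Nights and weekends both count as nonworking hours here.
            if when.hour not in WORK_HOURS or when.weekday() >= 5:
                findings.add((user, "remote_access_outside_working_hours"))
    # Bulk download is judged on the per-day total, not on single transfers.
    for (user, _day), total in downloaded.items():
        if total > DAILY_DOWNLOAD_LIMIT:
            findings.add((user, "bulk_download"))
    return sorted(findings)

if __name__ == "__main__":
    for user, indicator in find_indicators(SAMPLE_LOG):
        print(f"{user}: {indicator}")
```

Neither of the two downloads by `bjones` exceeds the limit on its own; only the daily total does, which is why the check aggregates per user and day.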
