Getty Images

Insider threats in healthcare remain prevalent

Although insider threat breach rates were on the decline in past years, Verizon has recently observed a resurgence in the healthcare sector.

Verizon’s “2024 Data Breach Investigations Report” assessed more than 30,000 security incidents across 94 countries and several industries, exposing trends across the cyber threat landscape. In healthcare, insider threats remained a top risk to healthcare entities in 2023, the research revealed.

However, the nature of these insider threats in healthcare is changing, Verizon found. After a few years of declining rates, the trend of insiders intentionally causing breaches is once again on the rise.

“As a result, the Internal actor has taken back the driver’s seat in this industry,” the report noted.

“Whether wreaking malevolent mischief in terms of Privilege Misuse or simply making a hefty dose of innocent mistakes, resulting in the Miscellaneous Errors pattern taking the top spot in this year’s rankings, insiders are making quite the comeback in this sector.”

Miscellaneous errors, such as misconfiguration and data loss, were a pattern among all sectors, but were most prevalent in healthcare, given the sector’s reporting requirements. Miscellaneous errors, privilege misuse and system intrusion represent 83% of healthcare breaches observed by Verizon.

Verizon found that misdelivery, which results from an individual sending information to the wrong recipient via physical or electronic means, remains a error type in healthcare. Loss is also frequent and typically results from the misplacement of paper documents.

What’s more, personal data surpassed medical data as the preferred target for threat actors in 2023.

Additionally, across all sectors analyzed in this year’s dataset, the human element was a factor in 68% of breach cases. Equipped with compromised credentials, threat actors are increasingly gaining access to systems and lurking undetected for days before deploying ransomware.

“From year to year, we see new and innovative attacks as well as variations on tried-and-true attacks that still remain successful,” Verizon noted.

“From the exploitation of well-known and far-reaching zero-day vulnerabilities, such as the one that affected MOVEit, to the much more mundane but still incredibly effective Ransomware and Denial of Service (DoS) attacks, criminals continue to do their utmost to prove the old adage ‘crime does not pay’ wrong.”

As healthcare continues to face threats from external and internal actors, addressing security gaps through a combination of administrative and technological safeguards is crucial to mitigating risk.

Next Steps

Dig Deeper on Cybersecurity strategies