The healthcare industry’s ability to defend against cyberthreats is being seriously undermined by its own workforce, according to two separate reports released this week. In an analysis of 1,368 security incidents at healthcare organizations in 27 countries, Verizon found that nearly six out of 10 (58%) security incidents involve insiders. That figure, according to Verizon, makes healthcare the only sector where internal actors pose the biggest threat to an organization’s cybersecurity posture than external actors.
In an Accenture report based on a survey of 912 healthcare employees in the US and Canada, some 18% of the respondents professed their willingness to sell confidential data to unauthorized thirds parties for as little as between $500 and $1,000. Among the malicious activity they were willing to peform: sell login credentials, download data to portable drives, and install tracking software on business systems. 24% actually know someone in their organization who had sold their access credentials to an unauthorized third-party. The willingness to sell confidential data was more pronounced among respondents from provider organizations (21%), compared to those in payer organizations (12%).
Read more about the two separate reports suggesting that insiders – of the malicious and careless variety – pose more of a problem in healthcare than any other sector on DarkReading.