Why Do Employees Expose Patient Information?

Most organizations face the same threat vectors and problems when it comes to cyberthreats. However, healthcare has one sore spot that makes it particularly vulnerable: its people. Why do employees misuse data and expose PHI at such an alarming rate?

Financial gain: The pursuit of financial gain is one of the major motives behind insider breaches. The access that healthcare workers have to patients' personal information affords a convenient means to commit fraud of various types, for example, tax return fraud or opening lines of credit.

Fun/curiosity: Employees are people, and like all human beings, they are prone to curiosity. This curiosity can lead employees to access patient data outside the parameters of their jobs in the health profession. After financial gain, fun is a major motive behind exposing the personal health information (PHI) of patients. The admission of a well-known personality, family member or acquaintance into a hospital can present a temptation for employees who have technical access to that patient’s health record but no direct role in providing care or services to that patient. Any unwarranted access to that patient’s record simply to satisfy curiosity would be (and is) considered a breach.

Convenience: The desire to make the job easier can override security policy. In the healthcare sector particularly, convenience is a big factor behind breaches by inside actors.

To carry out their duties successfully, healthcare professionals need access to a great deal of sensitive information. But along with that access comes the relatively easy ability to abuse it. Paired with the modernization of data, migration to electronic health records and a move toward a more connected healthcare environment, this ease can leave data more vulnerable to misuse than ever.

