Recently, Northwestern Memorial Hospital in Chicago reportedly fired at least 50 nurses and other staff members for improperly viewing the medical records of actor Jussie Smollett, NBC Chicago reports. This story is a reminder of the responsibility and importance of protecting medical information not only from external risks, but from internal ones as well. In contrast to all other sectors, the healthcare industry is unique in that the biggest security threat comes from within. In fact, according to Verizon’s 2018 Protected Health Information Breach Report in which they analyzed 1,368 healthcare data breaches, insiders were responsible for almost 58% of all breaches with external factors confirmed as responsible for just 42% of incidents. Attempting to circumvent internal breach behavior, the CERT® Division of the Software Engineering Institute (SEI) at Carnegie Mellon University announced the creation of the CERT National Insider Threat Center (NITC). Established in late 2017, the Center expands on years of work in the insider threat domain and helps to support security practitioners with insider threat assistance. Several alarming statistics the NITC has found include: Most people looking to commit healthcare fraud from the inside began their malicious activities within the first five years of working for the organization (64.3%) When the location of the activity was known, 72.7% happened onsite Of the attacks when the time was known, 70% of the incidents happened during normal working hours Over half of the incidents (52.7%) involved the theft of customer data, while 37.5% targeted financial assets Helpful Resources and Tips to Guard Your Organization’s PHI With internal attacks continuing to be as much of a challenge as external, there are a few things to consider when evaluating the safety of PHI: Are all vendors vetted for having solid security measures? It’s important that outside parties are as invested in protecting your data as you are. Check out these 10 privacy and security questions to ask potential partners as you navigate the process. Do you have any aging applications that are vulnerable to cyber attacks? When health systems are outdated, the risk for breach exponentially increases. Listen in as Rick Adams, Vice President of IT and Chief Security Officer at Harmony Healthcare IT, talks about the hazards of leaving legacy systems running. Is your legacy data management plan in place? Security risks lurk in forgotten legacy systems – proactively creating a plan that includes decommissioning legacy systems and safely archiving the necessary data is an imperative component to your risk strategy. Read more about the benefits of archiving and how to handle legacy data management after system replacement here. If it’s time to put legacy data management at the forefront of your cybersecurity task list, we’re ready to listen and here to help.