HealthcareInfoSecurity reports that a recent incident at a Canadian hospital, in which a vendor's former employee allegedly stole patient records in an attempt to extort money after being laid off, illustrates the complex insider threats organizations face. In the article “Inside Job: Former Worker Allegedly Holds Records for Ransom,” the publication turned to privacy, cybersecurity and data strategy counsel Jason G. Weiss for his thoughts on the matter.
Weiss told the publication that data compromises involving insiders are an ongoing problem across all industries.
"In just the last year, it is estimated that almost 70% of cyberattacks against businesses have had an insider component, and these insider cyber incident attacks have risen by almost 50% in the last year," Weiss noted.
Weiss added, "While most businesses are rightfully concerned about external cyberthreat actors, they must not take their eye off the fact that the greatest threat from cyberattacks and loss of data actually lies from within the company itself in many cases."
Weiss noted that the incident involving the Canadian hospital "has all the appearances of a classic 'insider' attack and, in reality, these are very hard to prevent and secure against when the employee is 'trusted' and behind the company's IT security apparatus."
If an employee needs certain documents to do their work, Weiss says, "it is borderline impossible to know or even prevent an insider from then copying or printing these documents for later nefarious use."
"It is difficult to determine if a terminated employee has kept unauthorized copies of records they would have had access to as an employee, short of actually searching the employee or their home during the termination process," Weiss noted.
While IT teams can "lock out" employees who don't need access to certain information, controlling what authorized individuals do with data is tougher, even when employees sign agreements about permitted use, Weiss added.