The Center For Health Care Services, based in San Antonio, Texas, has notified 28,434 patients of a breach of privacy on their personal and health information. The data was allegedly stolen when a former employee took the information after being fired in 2016.
The compromised data includes patients' Social Security numbers, dates of birth, medical records numbers, dates of services, referral information, progress notes, types of services, diagnoses, medications, lab and toxicology reports, autopsy reports, death certificates, treatment plans and discharge and death summaries.
According to the released statement: "A former employee of CHCS was discovered to have secretly taken personal health information from CHCS on his personal laptop computer at the time his employment was terminated on May 31, 2016. The discovery was made on Nov. 7, 2017, as a result of documents produced in litigation between the former employee and CHCS."
The information is believed to exist in the files of the former employee, his attorneys and CHCS attorneys. CHCS officials don't believe the information has been shared with others and do not currently believe there are any steps individuals need to take to protect themselves from potential harm resulting from the breach.
As a result of the breach, CHCS is taking action to improve the security of its operations and eliminate future risk.
Addressing the Insider Threat
This alleged theft of data, which went undetected for well over a year, is yet another reminder of the substantial risks the insider threat can pose. Whether intentionally abusing network access to steal data, or simply falling for phishing schemes and becoming pawns for external attackers, the most overlooked cybersecurity weakness is often the employee themselves.
Insider threat continues to be a problem with approximately 50 percent of organizations experiencing at least one malicious insider incident per year, according to the 2017 U.S. State of Cybercrime Survey. The 2016 Cost of Cybercrime Study by Ponemon found that insiders were the most costly source of attacks. Incidents involving insiders cost an average of nearly $145,000 each and took 51 days to resolve, the longest of any type of attack.
"Insider threats are often more damaging than attacks from malicious outsiders or malware,” said Holger Schulze, CEO and founder of Cybersecurity Insiders. “That’s because they are launched by trusted insiders—both malicious insiders and negligent insiders with privileged access to sensitive data and applications.”
So how do you address insider threat before it becomes an issue? Here are 5 best practices for mitigating insider threats.
Know Your Critical Assets
A critical asset is something of value that if destroyed, altered, or otherwise degraded would impact confidentiality, integrity, or availability and have a severe negative effect on the ability to support essential business functions. Knowing your critical assets provides insight into the most important pieces in your infrastructure that need attention, and the users most likely to be targeted by attackers.
Continually Assess Your Security Posture
Evaluating your organization’s security posture should be a critical and ongoing process. Ensure that basic best security practices are in place, including proper password and authentication policies. Conduct proper cybersecurity awareness training to prevent employees from falling victim to phishing or other scams. It’s also important to monitor employee roles carefully as they change to ensure only those who require access to sensitive information have it. If an employee leaves the organization or moves to a different department, their access to information should be changed or disabled.
Develop an Insider Threat Program
Most managers and business owners want to believe that their employees are trustworthy. Though most of the time this is the case, there are those who will exploit this trust to steal critical information. Implementing an insider threat program that involves all people, policies, and technology will help deter threats that employees can pose. The CERT Insider Threat Center, has documented the minimum components that should be included in insider threat programs.
Document and Enforce Policies and Controls
Maintaining a consistent, clear message on all organizational policies and procedures will ensure employees are aware of how to handle the information they have access to. Policies or controls that are misunderstood, not communicated, or inconsistently enforced can breed resentment among employees and potentially result in harmful insider actions.
Continuously Monitor User Behavior
The final, and potentially most important step, is to learn what normal employee behavior looks like in order to better recognize abnormal behavior. There are many available tools that help to establish baselines of normal user behavior, and detect irregular events. Using these tools, you can easily identify actions outside of normal patterns that could be a threat, and address them right away.
Whether healthcare data, payment information, personal data, or proprietary information, every business has important critical information that employees have access to. While organizations often focus on outside threats, insider threats can be far more costly and damaging due to the easy access to a greater amount of critical data insiders possess. Developing a comprehensive insider threat strategy should be as important as looking outwards and focusing on what's coming in.
Breadcrumb is a cybersecurity and executive advisory firm. Located in Central California, we partner with organizations throughout the US, protecting their critical assets from cyber breach. Contact us today for a no-obligation consultation.