Light Dark
May 30, 2018 By Douglas Bonderud 2 min read

Healthcare organizations are worried about cyberattacks. In fact, 77 percent of healthcare information technology (IT) professionals are “very concerned” about cyberattacks, according to a May 2018 survey sponsored by cybersecurity firm Imperva. Of those surveyed, 32 percent listed ransomware as their biggest fear, and employee actions grabbed the number two spot with 25 percent.

However, insider threats are the more persistent IT infection. As the 2018 Verizon Data Breach Investigations Report pointed out, healthcare is the only industry where insiders are responsible for more incidents than outside attacks.

Insider Threats: A Healthy Concern

According to Information Age, the use of unapproved applications by healthcare staff is often linked to IT risk, as employees may accidentally post or share confidential information to social media sites or send it via plaintext email.

Locking down access to cloud-based apps and services is often the go-to IT response — but this typically drives staff to use other applications that information security (InfoSec) professionals don’t know about and haven’t blocked. The result is a vicious cycle: IT’s attempts to reduce insider threats only increase total risk.

Despite the risk of malicious insider actions, companies are more concerned about accidental exposure. Imperva’s survey found that 51 percent of healthcare companies are more worried about careless users than staff-turned-attackers.

Although 73 percent of organizations now employ a senior information security leader — and 33 percent of respondents said their cyberattack response was “above average” — 38 percent of healthcare institutions suffered at least one cyberattack in the last year. Additionally, at least half of these attacks started with corporate insiders.

The Insider Threat Treatment Plan

What’s preventing health companies from curing the insider threat infection?

The Imperva survey pointed to four key factors:

  • More access by more people: More employees, contractors and business partners now access health networks, increasing insider impact.
  • More assets on the cloud: Increasing use of cloud services means more critical data is potentially at risk.
  • Lack of staff to analyze employee actions: As the total number of users and network-connected devices increases, staff struggle to effectively analyze insider actions.
  • Lack of monitoring tools: Without tools capable of monitoring activities across distributed networks, InfoSec professionals are hard-pressed to manage insider threats.

While there’s no cure-all, Information Age recommends making insiders part of the conversation about application use and safety. Rather than banning services outright, allow staff to use the applications of their choice wherever possible and adopt security best practices, such as deep inspection of web traffic, URL filtering and per-app monitoring.

As noted by Imperva, new machine-learning solutions can help IT teams “pinpoint critical anomalies that indicate misuse of enterprise data, so they can quickly quarantine risky users to prevent any further issues.”

The bottom line: Insider threats remain a persistent IT infection for healthcare organizations, despite increased recognition of cybersecurity risk.

 |  | 
Douglas Bonderud
Freelance Writer

More from

March 26, 2025

We are moving!

< 1 min read - SecurityIntelligence.com is being sunset, but have no fear!We have a new home for all of your favorite security and X-Force content.Follow us to www.ibm.com/think to maintain access to the stories and news you love, both new and old.Security Intelligence will officially sunset on Friday, March 28, 2025. To access the latest security thought leadership, go here. To access the latest X-Force research, go here.If you are experiencing cybersecurity issues or an incident, contact X-Force® to help:US hotline: 1-888-241-9812 | Global hotline:…

March 18, 2025

Bypassing Windows Defender Application Control with Loki C2

10 min read - Windows Defender Application Control (WDAC) is a security solution that restricts execution to trusted software. Since it is classified as a security boundary, Microsoft offers bug bounty payouts for qualifying bypasses, making it an active and competitive field of research.Typical outcomes of a WDAC bypass bug bounty submission:Bypass is fixed; possible bounty awardedBypass is not fixed but instead "mitigated" by being added to the WDAC recommended block list. Likely no bounty awarded but honorable mention is typically givenBypass is not…

March 4, 2025

FYSA — VMware Critical Vulnerabilities Patched

< 1 min read - SummaryBroadcom has released a security bulletin, VMSA-2025-0004, addressing and remediating three vulnerabilities that, if exploited, could lead to system compromise. Products affected include vCenter Server, vRealize Operations Manager, and vCloud Director.Threat TopographyThreat Type: Critical VulnerabilitiesIndustry: VirtualizationGeolocation: GlobalOverviewX-Force Incident Command is monitoring activity surrounding Broadcom’s Security Bulletin (VMSA-2025-0004) for three potentially critical vulnerabilities in VMware products. These vulnerabilities, identified as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, have reportedly been exploited in attacks. X-Force has not been able to validate those claims. The vulnerabilities…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature