
Where Are You Most Vulnerable to an Internal Breach?

The power of curiosity can make any healthcare setting vulnerable to breaches from the inside. We’ve heard stories about breaches from clients involving simple gossip, not-so-simple revenge in a child custody dispute, and celebrity snooping.

Although ransomware and hacking grab the headlines, when it comes to healthcare data, most breaches are inside jobs. Generally, this is not true in other industries. Every year Verizon publishes a Data Breach Investigation Report, and in 2019 the insider breach trend continues.

Not all internal breaches are intentional

There are many ways data is breached. According to Verizon, the top three patterns are: Miscellaneous Errors, Privilege Misuse and Web Applications*, together representing 81 percent of incidents in healthcare.

When insiders decide to snoop, what motivates them? 83 percent do it for financial reasons; other motives include fun, at six percent of all breaches, simple convenience at three percent, and grudges at another three percent. Interestingly, espionage accounts for two percent of all breaches.

You can reduce your risks and take control if you understand where you’re vulnerable. Some simple steps will take you a long way toward breach prevention, saving you time and money.

Take these steps to protect your organization from internal breaches

·      Maintain a culture of compliance.

·      Train your staff and use sanctions if staff don’t follow your HIPAA policies.

·      Complete a Risk Analysis and implement the Risk Management Plan. Do it every year.

·      Limit unnecessary access.

·      Streamline phishing reporting. You might catch an event before it becomes a breach.

·      Limit the use of web applications like shopping and social media – most of these are designed to find information about users, not maintain privacy.

The HIPAA E-Tool® is designed for prevention and has everything you need to implement a secure environment for patient data. From workforce training, to confidentiality agreements, access controls and a robust Risk Analysis, we can help you fill the gaps and stop the vulnerabilities from becoming costly breaches.


*A web application (unlike a static website) is an interactive site where the user communicates with the site (like Amazon shopping) or can post or communicate with other users (social media like Facebook, Twitter, Pinterest).
