Providers: Be on the lookout for 'insider' fraud threats

There are plenty of security threats to worry about when it comes to patients' healthcare information, but you may not have thought of the one possible under your nose--insider threats. Security consultant Mac McMillan warns against this danger and how to combat it in a recent interview with HealthcareInfoSecurity.

According to McMillan, CEO of CynergisTek Inc., an Austin, Texas-based consulting firm which specializes in information security and regulatory compliance in healthcare, there are three types of insider threats: viewing/sharing information without authorization, committing medical identity theft or fraud and acts of sabotage. McMillan says that healthcare organizations need to start being much more aggressive about all three.

"The biggest thing you can do is to have a very strong program to monitor your systems," he tells HealthcareInfoSecurity. "Unfortunately, that's one of the areas where we're weak in healthcare."

Everybody is at risk for insider threats, McMillan says. He adds that those who commit them can be disgruntled individuals who feel like they've been passed over, people who are undergoing financial stress or difficulty at home, or people don't agree with the ideology of company. To that end, strong monitoring programs need to not look at just the obvious, but at the actual behaviors of people to pick up patterns, such as if a person is looking at more records than they need to do their job.

Despite the ubiquity of healthcare security threats, security pros repeatedly report that their departments are understaffed.

To learn more:
- read the interview