Providers: Be on the lookout for 'insider' fraud threats

There are plenty of security threats to worry about when it comes to patients' healthcare information, but you may not have thought of the one possible under your nose--insider threats. Security consultant Mac McMillan warns against this danger and how to combat it in a recent interview with HealthcareInfoSecurity.

According to McMillan, CEO of CynergisTek Inc., an Austin, Texas-based consulting firm which specializes in information security and regulatory compliance in healthcare, there are three types of insider threats: viewing/sharing information without authorization, committing medical identity theft or fraud and acts of sabotage. McMillan says that healthcare organizations need to start being much more aggressive about all three.

"The biggest thing you can do is to have a very strong program to monitor your systems," he tells HealthcareInfoSecurity. "Unfortunately, that's one of the areas where we're weak in healthcare."

Everybody is at risk for insider threats, McMillan says. He adds that those who commit them can be disgruntled individuals who feel like they've been passed over, people who are undergoing financial stress or difficulty at home, or people don't agree with the ideology of company. To that end, strong monitoring programs need to not look at just the obvious, but at the actual behaviors of people to pick up patterns, such as if a person is looking at more records than they need to do their job.

Despite the ubiquity of healthcare security threats, security pros repeatedly report that their departments are understaffed.

To learn more:
- read the interview

Suggested Articles

The Department of Health and Human Services announced proposed changes to privacy restrictions on patients' substance use treatment records.

An FDA official said the agency is in discussions with multiple stakeholders to create a universal unique medical device identifier to be stored in EHRs.

Virtual care, remote monitoring, telehealth and other technologies have long been on the “nice to have” list for healthcare. But that's changing.