By Zac Amos, Features Editor, ReHack
LinkedIn: Zachary Amos
LinkedIn: ReHack Magazine
Healthcare environments store too much personally identifiable information to be complacent about security measures. Critical sectors are some of the most vulnerable to breaches no matter how well defended they think they are, because their data is so valuable that attackers will stop at nothing to find a back door. Social engineering and other interpersonal tactics are rising in frequency in the medical sector, so what red flags should medical professionals look for when identifying insider threats?
1. Change in Digital Habits
Healthcare workers input patient information, submit forms and verify documents. Tracking behaviors may be challenging, but IT teams should be able to record the activity of each employee account like a digital road map. The following behaviors are suspicious to varying degrees and could indicate ill intent:
- Strange data movement
- Atypical exports or uploads
- Use of insecure devices or unsanctioned software
- Renaming files
- Strange search history trends, such as intense interest in niche topics
- Exploring digital projects outside the scope of their job description
Another notable trend is repeated security violations. If an employee begins openly sharing passwords, leaving devices unlocked, practicing poor data management or ignoring IT requests, it might be for a reason. This behavior could influence nearby staff to behave complacently, too, which could be the aim. These habits might manifest as privacy law violations or other disregard for compliance requirements.
2. Displaying Exploitable Vulnerabilities
Insider threats are not necessarily intentional. Medical staff undergo intense pressures, whether long hours for little pay or enduring emotional stress because of patient struggles. Hackers know financial troubles, emotional weakness and workplace insecurities are ideal targets for manipulation. If healthcare managers notice colleagues displaying vulnerable behaviors, like substance misuse, intervention may be necessary to prevent an inadvertent defensive weak point.
Global events and tension can also lead to negligent behaviors, leaving open doors for hackers. For example, the COVID-19 pandemic placed unforeseen mental health struggles on clinical staff. They were attempting to adapt to a whole new working landscape with up-and-coming innovations, and threat actors saw this as an opportunity.
3. Repeated or Unusual Access Attempts
Nurses may clock in with a name badge or access patient files through a secure portal. Digital teams should keep logs of every internal entry request and external network access attempt. Every piece of software, device and internet connection is an opportunity for attackers, which is why many industries in critical infrastructure employ zero-trust architecture to minimize requests and streamline enforcement.
If an employee starts logging in repeatedly to a previously unused server or program, it is worth noting. Keeping track of access denials is crucial, too, because denials indicate that stolen credentials or social engineering are at work. Another strange behavior is increased escalation requests from a single person or department. They could be falsifying IT failures or access reports, attempting to reset information and take it under their control.
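One way to turn the two access-log signals above into a review queue, shown as an added example rather than anything from the original article: it builds a per-user baseline of resources, then flags repeated use of a resource outside that baseline and repeated denials. The log format, user names, resource names and thresholds are assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample log (not real data): ISO timestamp, user, resource, result.
SAMPLE_LOG = """\
2024-03-04T08:02:11 nurse_a ehr-portal ALLOW
2024-03-04T08:15:40 nurse_a ehr-portal ALLOW
2024-03-05T08:01:02 nurse_a ehr-portal ALLOW
2024-03-05T09:30:00 clerk_b billing-db ALLOW
2024-03-11T08:03:19 nurse_a ehr-portal ALLOW
2024-03-11T22:41:07 nurse_a research-archive ALLOW
2024-03-11T22:44:53 nurse_a research-archive ALLOW
2024-03-11T22:58:30 nurse_a research-archive ALLOW
2024-03-12T10:12:00 clerk_b pharmacy-inventory DENY
2024-03-12T10:12:09 clerk_b pharmacy-inventory DENY
2024-03-12T10:12:31 clerk_b pharmacy-inventory DENY
2024-03-12T10:13:02 clerk_b billing-db ALLOW
"""

def parse(log_text):
    """Yield (timestamp, user, resource, result) from well-formed lines only."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3] in ("ALLOW", "DENY"):
            yield tuple(parts)

def review(log_text, baseline_end, new_resource_min=3, denial_min=3):
    """Return sorted (user, resource, reason, count) findings after baseline_end."""
    baseline = defaultdict(set)  # user -> resources used during the baseline window
    new_use = Counter()          # (user, resource) -> allowed hits outside the baseline
    denials = Counter()          # (user, resource) -> denied attempts
    for ts, user, resource, result in parse(log_text):
        if ts < baseline_end:    # ISO 8601 strings sort chronologically
            if result == "ALLOW":
                baseline[user].add(resource)
        elif result == "DENY":
            denials[(user, resource)] += 1
        elif resource not in baseline[user]:
            new_use[(user, resource)] += 1
    findings = [(u, r, "repeated-new-resource", n)
                for (u, r), n in new_use.items() if n >= new_resource_min]
    findings += [(u, r, "repeated-denials", n)
                 for (u, r), n in denials.items() if n >= denial_min]
    return sorted(findings)

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG, baseline_end="2024-03-10T00:00:00"):
        print(finding)
```

A finding here is a prompt for a human to look at the account, not a verdict; a shift change or new assignment produces the same pattern.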
4. Negative Workplace Behavior
Inflammatory or combative responses in the workplace from a previously stable employee could hint they are under intense stress. Other adverse traits may include:
- Reduced productivity.
- Interpersonal conflicts.
- Noticeable fatigue.
- Workplace dissatisfaction or lack of fulfillment.
- Increased tardiness or absenteeism.
- Disrespect or disregard for superiors.
- Stealing medical tools, data or medications.
5. Unexpected Changes in Lifestyle
Has an employee suddenly started wearing expensive accessories even though they are not part of the uniform? Are they taking far-flung, extended vacations when they have not requested time off in five years? Drastic changes like these could indicate an influx of disposable income, potentially from being paid off by a cybercriminal.
6. Odd Working Hours
Healthcare professionals frequently work strange hours. One week could be swing shifts, while another could be a 24-hour on-site stay. Tracking working hours is critical, especially when they can vary so drastically. Attempting to stay well past clock-out time without approval, or when minimal to no staff is in the building, could be a sign someone is trying to do something undetected. Businesses may perceive some staff as going above and beyond, but when 90% of insider threats are intentional, stakeholders can never be too certain.
Prevent Insider Threats
Even the smallest private doctor’s offices should watch for in-person cybersecurity threats. The person could be a bribed manager, manipulated nurse practitioner or fearful admin professional. Knowing common behavioral indicators will help all personnel prevent malicious attacks in the medical industry. Educating staff and visitors on these tips is critical for ensuring quality and quick patient servicing.
While these indicators are not foolproof and don’t always mean that an employee is an insider threat, they certainly warrant further investigation if spotted. When patient data is on the line, it is better to explore these warning signs rather than to ignore them.