September 29, 2014
Brian Solomon
1. Unintentional
• “An unintentional insider threat is a current or former employee… who, through action or inaction without malicious intent, unwittingly causes harm or substantially increases the probability of future serious harm to the confidentiality, integrity, or availability of data.”
Definition from the SEI, CERT Division
2. Malicious
• We will focus on malicious threats for the purpose
of this presentation.
• Malicious Insider Threat – A current or former employee, contractor, or other business partner who has or had authorized access to an organization's network, system, or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization's information or information systems.
Definition from the SEI, CERT Division
• Former employees
• Current employees
• Visitors
• Contractors
• Consultants
• Suppliers
• Who else may have physical or electronic access?
Greed or financial need
A belief that money can fix anything. Excessive debt or overwhelming expenses.
Anger or revenge
Feelings of being “slighted” by a boss or coworker. Disgruntled to the point of retaliation against the company.
Problems at work
A pending layoff, job dissatisfaction, lack of recognition, disagreements with workers or managers.
Compulsive and/or destructive behavior
The need to support a drug, alcohol, or other abusive behavior.
Relationship, marital, or family difficulties
Marital conflicts or separation from family or other loved ones.
Ideology/Identification
The desire to help the underdog or an aggrieved party in a situation.
Divided loyalty
Loyalty to another company or person.
Ingratiation
Desire to please or win approval from someone who could benefit from the data with the expectation of return favors.
• Takes material home via documents, flash drives, disks, or email without need or authorization.
• Seeks to obtain sensitive information not related to their work activities.
• Interest in confidential matters outside the scope of their work.
• Accesses the computer network remotely while on vacation or at odd hours without authorization.
• Disregards computer policies, installs personal software or hardware.
• Overwhelmed by life crises or career disappointments.
• Noncompliance with IT policies or improper use of IT systems.
• Attempting to access IT systems remotely after dismissal or at unusual hours.
• Illegal, unethical, or other activity that is forbidden by policy (attempting to hack passwords, accessing restricted data not related to job…).
• Sending business or PHI data to or from private email accounts.
• Emailing unencrypted sensitive data over the internet.
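Several of the IT indicators above (remote access after dismissal or at unusual hours, PHI sent to private email accounts, unencrypted sensitive email) can be checked against logs. The sketch below is an added example, not part of the original presentation; the log layouts, account names, domains and the business-hours window are constructed assumptions.

```python
from datetime import datetime, time

# Constructed sample data; names, domains and thresholds are assumptions.
CORP_DOMAIN = "hospital.example"
PRIVATE_MAIL_DOMAINS = {"webmail.example"}    # personal mail providers
WORK_START, WORK_END = time(7, 0), time(19, 0)

ROSTER = {  # user -> termination time (None = currently employed)
    "asmith": None,
    "bjones": datetime(2014, 9, 12, 17, 0),
    "cdoe": None,
}
VPN_LOGINS = [  # (timestamp, user)
    ("2014-09-15 10:05", "asmith"),   # Monday, business hours
    ("2014-09-16 02:41", "cdoe"),     # Tuesday, middle of the night
    ("2014-09-17 09:30", "bjones"),   # five days after dismissal
    ("2014-09-20 11:00", "asmith"),   # Saturday
    ("2014-09-22 14:00", "zz-temp"),  # account missing from the roster
]
MAIL_LOG = [  # (sender, recipient, tagged_as_phi, encrypted)
    ("asmith@hospital.example", "lab@hospital.example", True, False),
    ("cdoe@hospital.example", "cdoe.home@webmail.example", True, True),
    ("asmith@hospital.example", "billing@partner.example", True, False),
    ("cdoe@hospital.example", "friend@webmail.example", False, False),
]


def flag_remote_access(logins, roster):
    """Return (timestamp, user, reason) for remote logins that need review."""
    findings = []
    for stamp, user in logins:
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M")
        if user not in roster:
            # Cannot be checked against HR data, so surface it rather than skip it.
            findings.append((stamp, user, "account not in HR roster"))
            continue
        ended = roster[user]
        if ended is not None and when > ended:
            findings.append((stamp, user, "access after dismissal"))
        elif when.weekday() >= 5 or not (WORK_START <= when.time() < WORK_END):
            findings.append((stamp, user, "unusual hours"))
    return findings


def flag_mail(mail_log):
    """Return (sender, recipient, reason) for outbound PHI that breaks policy."""
    findings = []
    for sender, recipient, phi, encrypted in mail_log:
        if not phi:
            continue  # only PHI-tagged messages are in scope here
        domain = recipient.rsplit("@", 1)[-1].lower()
        if domain in PRIVATE_MAIL_DOMAINS:
            findings.append((sender, recipient, "PHI to private email account"))
        elif domain != CORP_DOMAIN and not encrypted:
            findings.append((sender, recipient, "unencrypted PHI sent externally"))
    return findings


if __name__ == "__main__":
    for finding in flag_remote_access(VPN_LOGINS, ROSTER) + flag_mail(MAIL_LOG):
        print(finding)
```

Hits are leads to reconcile against approved remote-work and on-call schedules, since the indicators are qualified by "without authorization".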
• Employees improperly trained and/or infrequently trained on how to protect PHI.
• Employees with access to data that is not needed for their job.
• Unclear policies for working outside the office or at home.
• Employee perception that security for PHI is relaxed or nonexistent.
• Employee perception that unauthorized release of PHI has minimal consequences or “doesn’t hurt anybody.”

Insider Threats to PHI and ePHI
