• E-mail
• Print
• RSS

Consider the threats "insiders" pose to your security

HIM Connection, December 6, 2011

Want to receive articles like this one in your inbox? Subscribe to HIM Connection!

HIPAA privacy and security officers often spend a lot of time and effort protecting their healthcare organization from the threat posed to its PHI by outsiders. Most organizations do a pretty good job of recognizing the threats to critical assets from outside their own perimeter. However, they must also not ignore the threat that comes from those inside the organization, said Randall F. Trzeciak, who spoke at the Fifth HIPAA Summit West in September in San Francisco.

Trzeciak is technical team lead of the Insider Threat Research Group, which is part of the federally funded Software Engineering Institute CERT® program at Carnegie Mellon University in Pittsburgh. Staff at the CERT Insider Threat Center have been researching insider crimes in many different industries for the past 10 years.

Organizations need to ensure their risk assessments recognize the threat that insiders pose, said Trzeciak. For instance, what if an insider decides to harm your ¬organization? What if an employee leaves your organization and takes sensitive information with him or her? What if a disgruntled employee disrupts a critical service or an insider takes patient information to sell it for use in some type of fraud?

Editor’s note: Click here to read the entire article in the December issue of Briefings on HIPAA.

Want to receive articles like this one in your inbox? Subscribe to HIM Connection!

• E-mail to a Colleague
• Print
• RSS
• Archive