Health care industry is king of the malicious insider threat

The health care sector's IT suffered from malicious insider attacks at a rate far higher than any other major industry in 2016.

The health care sector’s IT suffered from malicious insider attacks at a rate far higher than any other major industry in 2016, according to new research from IBM.

The numbers further cement long held fears among health care technologists that highly valuable records, which sell on the black market for far-higher prices than stolen credit card information, are vulnerable in a sector that many professionals say does not do enough for security beyond minimum compliance requirements. About 25 percent of attacks on health care sector IT were malicious insider incidents, well above the rates in industries such as financial services (5 percent), manufacturing (4 percent) and retail (2 percent), the report said.

The industry also had a high rate of incidents by “inadvertent actors,” meaning an attack came from inside the system but without the knowledge of the compromised machine’s user. A typical example would be a machine infected by malware that isn’t activated until later and initially looks like an insider attack.


Those incidents accounted for about 46 percent of health care sector attacks, the report said. Only financial services had a higher rate, at 53 percent.

Medical records, in combination with other records, for sale on the dark net market AlphaBay

As electronic records increasingly replace paper based records in established and emerging health care markets, the digitization comes with potential risks both within organizations and “through indirect compromise such as third-party [electronic health record] vendor breaches,” according to IBM Security research.

One noteworthy example of a malicious insider successfully attacking the health care sector occurred in April 2016, when the personal information of 200,000 children leaked from Chinese hospitals due to the combined efforts of outside hackers and cooperative insiders. Local media reported the data was quickly sold after being stolen.

Researchers showed that health care was the only major industry in which insider threats actually outnumbered outsider attacks, a stark contrast to most industries that see a relatively tiny threat from the inside.


The finance industry, which can hold similarly valuable mountains of personal data, was both the most-attacked industry of 2016 according to IBM as well as the only other major industry that saw a majority of threats coming from inside the organization. In finance, however, the lion’s share of the insider threat is inadvertent.

“The fact that the insider attacks targeting the financial services and healthcare were largely the result of inadvertent actors may be due these industries having a greater susceptibility to phishing attacks,” the researchers write. “Organizations in these sectors should focus on educating employees about phishing and how to avoid becoming a victim, use a variety of approaches—video, webinars, in-person instruction—and require training at intervals to make the risk clear.”

You can read the full IBM X-Force Threat Intelligence Index report below:

Latest Podcasts