Research data shows insider threat is a dominant risk in the healthcare industry. According to the 2019 Verizon Insider Threat Report, insider threats affected 46% of healthcare organizations. Healthcare is the only industry where insiders were responsible for a higher percentage of breaches than external threat actors (Figure 1). In addition to healthcare staff, contractors, executives, and former employees collectively contribute to the problem.
Detecting insider threats is not always straightforward and may go unnoticed for months. On average, the time to detect and contain a breach in the healthcare industry is 350 days. This lengthy detection period, in turn, increases the cost of remediation. In the healthcare and pharmaceutical sectors, insider breach remediation can cost $10.81 million annually.
