Internal Threats Remain Top Provider Concern

By Katie Wike, contributing writer

New KLAS survey reveals unauthorized access by employees is the number one concern when it comes to data security.

According to the latest KLAS report, “Security and Privacy Perception 2014: High Stakes, Big Challenges,” internal unauthorized data access is the number one security threat to providers. Just months ago, HIMSS research found three of four providers queried said their employees were a security concern, echoing KLAS the findings. Other top concerns listed by providers were BYOD and remote security policies.

According to Fierce Health IT, the majority of respondents “had used a third-party security firm in the past 18 months. The top five services organizations sought out from these companies were:

• HIPAA and Meaningful Use risk assessment
• Attack and penetration testing
• Privacy assessment
• HIPAA breach advisory services
• Mobile security advisory services”

“We are hearing from providers that security and privacy concerns are becoming a part of their everyday discussions,” said Erik Westerlind, report author in a press release. “At this point, a market leader has yet to be established. As the stakes get higher, healthcare organizations are using multiple firms for their security and privacy needs to ensure they are covering all of their bases.”

This survey echos the concerns in the Insider Threat Security Manifesto released by IS Decisions which said, “More often than not, the greatest risk to any organization comes from within. That unhappy employee or rogue insider who will go to any length to gain access to the organization’s crown jewels, share the sensitive data they get their hands on and even put it to some other unscrupulous use such as insider trading.” Thirty percent of the respondents to the IS Decisions study reported insider threats made their list of top three security concerns.