HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Insider Threat Self-Assessment Tool Released by CISA

Public and private sector organizations have a new tool to help them assess their level of vulnerability to insider threats. The new Insider Threat Risk Mitigation Self-Assessment Tool has been created by the Cybersecurity and Infrastructure Security Agency (CISA) to help users further their understanding of insider threats and develop prevention and mitigation programs.

In healthcare, security efforts often focus on the network perimeter and implementing measures to block external threats, but insider threats can be just as damaging, if not more so. Insiders can steal sensitive information for financial gain, can take information to provide to their next employer, or can abuse their privileged access to cause significant harm.

Insider breaches can have major consequences for businesses, with may include reputation damage, loss of revenue, theft of intellectual property, reduced market share, and even physical harm. CISA says insider threats can include current and former employers, contractors, or other individuals with inside knowledge about a business. The threat posed by insiders can be considerable due to the knowledge those individuals have about a business and the fact they are trusted and have privileged access to systems and sensitive data.

Large organizations are likely to have conducted risk assessments and put measures in place to mitigate insider threats. Small- and medium-sized businesses tend to have limited resources and may not have assessed their risk level and are most likely to benefit from using the new tool.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

The tool consists of a series of questions that will establish the level of vulnerability to insider threats and will provide feedback to users to help them develop appropriate mitigations to guard against insider threats and reduce risk to a low and acceptable level.

“CISA urges all our partners, especially small and medium businesses who may have limited resources, to use this new tool to develop a plan to guard against insider threats.  Taking some small steps today can make a big difference in preventing or mitigating the consequences of an insider threat in the future,” said CISA Executive Assistant Director for Infrastructure Security David Mussington.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.