HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Resources to Help Healthcare Organizations Improve Resilience Against Insider Threats

September 2020 is the second annual National Insider Threat Awareness Month (NITAM). Throughout the month, resources are being made available to emphasize the importance of detecting, deterring, and reporting insider threats.

NITAM is a collaborative effort between several U.S. government agencies including the National Counterintelligence and Security Center (NCSC), Office of the Under Secretary of Defense Intelligence and Security (USD(I&S)), National Insider Threat Task Force (NITTF), Department of Homeland Security (DHS), and the Defense Counterintelligence and Security Agency (DCSA). NITAM was devised last year to raise awareness of the risks posed by insiders and to encourage organizations to take action to manage those risks.

Security teams often concentrate on protecting their networks, data, and resources from hackers and other external threat actors, but it is also important to protect against insider threats. An insider is an individual within an organization who has been granted access to hardware, software, data, or knowledge about an organization. Insiders include current and former employees, contractors, interns, and other individuals who have been given access to data or systems. Those trusted insiders could accidentally or deliberately take actions which are disruptive to the business. Those actions could cause damage to company facilities, systems, or equipment, result in financial harm, or expose or disclose intellectual property and sensitive data.

To combat insider threats, organizations need to establish an insider threat mitigation program to detect, deter, and respond to threats from malicious and unintentional insiders. The program should protect critical assets against unauthorized access and malicious acts, and the workforce should be trained to identify insider threats and conditioned to report any suspicious behavior or activities. The program should also involve the collection and analysis of information to help identify and mitigate insider threats quickly.

The SARS-CoV-2 pandemic has created a new set of challenges. The changes made by organizations in response to the pandemic, such as the expansion of remote working to include the entire workforce, have increased the risk of espionage, unauthorized disclosures, fraud, and data theft. It is more important than ever for organizations to have an effective insider threat mitigation program.

The main focus of NITAM 2020 is improving resilience to insider threats. This can be achieved by improving awareness through education of the workforce, using the resources made available in September to learn how to detect and mitigate the actions of insider threats, and improving protection against those threats.

The DHS Cybersecurity and Infrastructure Security Agency (CISA) is helping to raise awareness of insider threats and has published resources that can be used by healthcare organizations to improve organizational resilience and mitigate risks posed by insider threats. Games, videos, graphics, posters, and case studies to promote NITAM are available here.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.