Healthcare suffers double the average amount of internal security breaches

Independent research finds hospitals, care providers and medical insurers experience twice as many internal security breaches in comparison to other sectors.

The threat from within rife in the healthcare sector

healthcare security breaches

Organisations in the healthcare sector are experiencing double the average amount of internal security breaches, in comparison to all industries. The findings are based on research revealed in our recent report ‘The Insider Threat Security Manifesto’.

The research also found that despite IT professionals in the healthcare sector being more concerned about insider threats than their colleagues in other industries, with 30% considering it to be in their top three security priorities compared to 21% on average, they spend less on security overall with 12% of budget spent compared to the average of 15%.

Internal security appears to be a more serious issue in healthcare than other industries such as finance or retail, with 16% of IT professionals in the sector citing that internal security concerns them more than external, in comparison to just 7% of all other IT professionals. The reason may be connected to the proliferation of password sharing in healthcare, as IT professionals estimates suggest 30% of employees in healthcare sharing passwords, higher than the average of 25%

Concern is directed at newly hired staff in particular, who were only a worry for 8% of IT professionals in other industries, but 25% of IT professionals in healthcare.

Mitigating healthcare security breaches

Fortunately, IT professionals in healthcare are on average slightly more aware that technology can help them address internal security, with 18% agreeing this is the case compared to 14% overall.

François Amigorena, CEO, IS Decisions said: “Against the background of the debates going on in both the US and the UK about patient data, with Obamacare and, it is worrying to see that the healthcare sector appears to have a particular problem with internal security. Your own employees are the most likely source of a data breach, and it appears that in healthcare that is an even bigger problem than elsewhere. Considering the sensitive nature of patient data, this suggests that there is significant reason for concern.”

“Internal security is a cultural issue, as exemplified by the issue of password sharing which again is more common in healthcare, but technology can help you address it. As we are seeing more and more patient data being stored digitally, it’s important that the appropriate steps are being taken to ensure that that data is secure from both malicious attack and accidental breaches.”

*Research conducted by CensusWide on behalf of IS Decisions among 250 IT decision makers in the UK and 250 IT decision makers in the US

Download The Insider Threat Manifesto: Beating the threat from within for more information.


  1. Where insider threats sit on the IT security agenda
  2. The Edward Snowden effect: is awareness of insider threats growing?
  3. Password Sharing and where the threat lies
  4. Active Directory and Insider Threats
  5. Network management and compliance
  6. Ten steps to beating insider threats
  7. Conclusion

Share this post :


Chris Bunn is the Directeur Général Adjoint of IS Decisions, a global cybersecurity software company, specializing in access management and multi-factor authentication for Microsoft Active Directory environments and the cloud.