Will Privileged User Abuse Affect Healthcare Data Security?

An increase in privileged user abuse of IT resources could prove particularly harmful in terms of healthcare data security measures.

By Elizabeth Snell

Employee access is a key aspect of healthcare data security, and healthcare organizations of all sizes need to ensure that their administrative safeguards account for the type of information employees view, use, or transfer.

Administrative safeguards essential for healthcare data security

A recent Ponemon and Forcepoint study indicates that the impact of the risk caused by privileged user abuse or misuse of IT resources on access governance processes increased from 19 percent to 32 percent of respondents.

The 2016 Study on the Insecurity of Privileged Users took responses from 704 individuals who have “an in-depth knowledge of how their organizations are managing privileged users.” Privileged users include those in positions such as database administrators, network engineers, IT security practitioners and cloud custodians.

“While the study reveals companies are taking steps to manage the risk, the perception among those knowledgeable about access rights in their organizations is that the risk is either unchanged or increasing,” the report’s authors explained.

For example, the study showed that 91 percent of respondents state that the risk of privileged user abuse will increase or stay the same in the next 12 to 24 months.

Companies also report that it is difficult to keep up with the number of access change requests that come in on a regular basis. Specifically, 61 percent reported this in 2016, up from 53 percent in 2011.

It is also becoming more difficult to determine if insider behavior is a threat.

“This is because security tools yield more data than can be reviewed in a timely fashion and behavior involved in the incident is consistent with the individual’s role and responsibility,” the report states. “Monitoring and reviewing of log files, SIEM and manual oversight are the primary steps taken to determine if an action taken by an insider is truly a threat.”

Not having enough contextual information, having security tools yield too many false positives, and having security tools that yield more data than can be reviewed in a timely fashion are the top challenges for organizations in determining if there is actually an insider threat.

Ponemon graph of challenges in detecting insider threat

Forty-six percent of those surveyed also reported that malicious insiders target privileged users to obtain their access rights.

Privileged user access abuse is also a key issue, with 76 percent of respondents stating privileged users feel they are empowered to access all the information they can view. Sixty-six percent reported that privileged users access sensitive or confidential data because of curiosity.

When it comes to mitigating potential insider risk, 63 percent of respondents state that they perform thorough background checks before issuing privileged credentials, while 60 percent report they conduct regular privileged user training programs.

Ponemon graph of mitigating user abuse

Technology-based identity and access controls were also cited by 37 percent of respondents as a way to detect the sharing of system administration access rights by privileged users. Thirty-two percent report they use a combination of technology and manually based identity and access controls, while 10 percent admitted that access to sensitive or confidential information is not really controlled.

Privileged user abuse could be particularly damaging for healthcare data security measures within covered entities. This is why HIPAA regulations call for the “minimum necessary,” to ensure that individuals are only given the minimum amount of information necessary to complete their jobs. It can help keep PHI out of too many hands and help to limit unnecessary data transfers or viewings.

In June 2016, Accenture and HfS Research found in The State of Cybersecurity and Trust 2016 that 48 percent of respondents said they had a strong or critical concern over data theft from insiders in the next 12 to 18 months. Sixty-nine percent of those surveyed also reported they had experienced an attempted or successful theft or corruption of data by insiders during the prior 12-month period.

Malicious insider threats are not the only consideration in terms of user abuse. Researchers at Dartmouth College, the University of Pennsylvania, and USC reported earlier this summer that workarounds to healthcare cybersecurity measures often go unnoticed in organizations and are often taught to employees as the correct practice.

“Equally important, circumvention of cybersecurity is seldom examined by those concerned with workflow, HIT usability, barriers to teamwork, thought-flow, or user frustration,” the report’s authors explained. “Cybersecurity and permission management problems are hidden from management, and fall in the purview of computer scientists, engineers, and IT personnel.”

Image Credit: Ponemon
