Insider threats in the healthcare sector are becoming increasingly common and more complex. According to Verizon’s 2025 Data Breach Investigations Report, within the healthcare industry, internal actors were responsible for 30% of breaches. These incidents are often hard to detect, with many involving insiders misusing their access for years before being identified. Addressing this issue is especially vital now, as the rise of challenges facing healthcare workers becomes more prevalent, including widespread physician burnout, staffing shortages, and growing frustration over administrative tasks. The chances of insider threats rise sharply as tension and fatigue within the industry lead to frustrated or overworked employees.
These threats can be especially harmful within this industry because of the access to sensitive patient information, operational disruptions, and regulatory consequences. While companies traditionally rely on tech-focused solutions, there is a wider and often overlooked cause of these threats, that presents an opportunity for unique solutions; particularly when it comes to malicious insiders and agitated employees. Understanding insider threats as a human-centric problem is key to addressing the root of insider threats.
Breaking down insider threats within the healthcare industry
When identifying a solution to insider threats, companies often turn to investing in new tools or technologies, overlooking a key factor: insider threats are a human problem that require a human fix. This means shifting their solutions to address stressed, overworked, or poor performing employees. Common examples of this could include disgruntled employees leaking data or workers accessing unauthorized patient data for financial gain. Work stressors can increase the likelihood of insider threats, including organizational change, overwhelming workload, or conflicts with supervisors. Beyond the workplace, a wide range of life stressors from marital complications, bereavement, or financial difficulties can also play a major role.
These stressors can lead to concerning workplace behavior that managers must pay attention to. Some warning signs include declining performance and frequent or unusual incidents. Other indications may involve a previous history or present abusive behavior, known debts or sudden and unexplainable wealth, addiction, or extremist psychological views or mental health issues. When companies choose to ignore these concerning behaviors, it can be the final tipping point that leads to negligent or malicious attacks. Inaction or underestimating the impacts in response to employees’ problematic actions can cause larger issues. On the other hand, an overly aggressive response can also put an employee over the edge. Finding the right response requires balancing empathy, vigilance, and proactive intervention before small warning signs escalate to serious security breaches.
Moving away from technology-based solutions to a human-centric approach
While technological-based remedies are necessary to identify/prevent insider threats they aren’t a sufficient response. Tools like monitoring software, firewalls, and data loss prevention can’t address human factors like stress, dissatisfaction, or mental health challenges, which are especially prevalent in the high-pressure healthcare industry. Instead, organizations must go beyond identifying potential threat actors and address issues through proactive and holistic measures. This means creating a culture of trust and psychological safety with a true goal of helping employees through difficult times. A Gartner study found that employers that support their employees’ overall well-being see a 21% increase in the number of high performers.
It’s vital that organizations see the relationship between employees and security requires more than just supportive technology to succeed. Security, HR, and upper management all play a critical role in insider threat management. There are several practical steps health organizations can take to help support these efforts. These include anonymous reporting for stressors or concerning behaviors, providing access to both mental and financial health resources, and training managers to help detect signs early on and prevent them from further escalation. Ultimately, fostering a positive workplace culture leads to a secure workplace.
Creating the foundation for a stronger, safter healthcare organization
Preventing cybersecurity problems like insider threats goes beyond investing in technical solutions. The impact of these threats can be especially detrimental for healthcare professionals, making it essential for them to put their resources towards effective, human-centric solutions. By focusing on employee well-being, encouraging open communication, and strengthening workplace relationships, companies can build a more secure and resilient environment, lowering the risk of insider treats and reducing the reliance on technological controls.
Joe Evangelisto
Joe Evangelisto is the Chief Information Security Officer at NetSPI, overseeing IT, security, and GRC. With 25+ years in IT and the past five focused on security and compliance, he specializes in transforming organizations and building high-performing teams. Joe is a frequent speaker at cybersecurity events and panels and brings deep expertise in IT leadership, operations, and business management across federal, nonprofit, life sciences, and tech sectors.
