Insider theft and employee error/negligence tied for the second-most common data breach sources in 2016 in the health industry. In addition, insider theft was a bigger problem in the healthcare sector than in other industries, and has been for the past five years.
Insider theft is alleged to have been at play in the Jackson Health System incident. Former employee Evelina Sophia Reid was charged in a fourteen-count indictment with conspiracy to commit access device fraud, possessing fifteen or more unauthorized access devices, aggravated identity theft, and computer fraud, the Department of Justice said. Prosecutors say that her co-conspirators used the stolen information to file fraudulent tax returns in the patients' names.
What's the next data breach tactic for the healthcare industry to be aware of? According to Barney, it's "spear phishing," a scheme involving email that purports to be from company executives and requests personal information on employees.
The IRS noted a "400 percent surge in phishing and malware incidents so far this tax season and other reports of scams targeting others in a wider tax community" in a March 2016 warning to payroll and human resource professionals, she says.
"They pretend to be someone in authority," Barney says, and trick employees into giving things like social security numbers and W2 forms. "It's providing the thief with anything and everything they need to commit tax fraud."
Alexandra Wilson Pecci is an editor for HealthLeaders.