Insider Threats and Breaches: Results of the SANS Survey on Information Security Practices in the Healthcare Industry

Bethesda, Md. – The number of attack surfaces continues to rise as the use of mobile medical- and health-related apps grows and as electronic health records become ever-more embedded in clinical settings, according to results of a new survey to be released by SANS Institute in a two-part webcast on July 20 and July 21, 2016.

In it, 38% of respondents consider their medical devices to be a high risk, yet in reality, only 6% attribute actual breaches to such devices. Responsibility for the real breaches, respondents say, lies with their insiders:

  • 56% name phishing, spearfishing and whaling the leading type of attack
  • 39% see threats resting with insiders
  • 16% of impactful breaches are traced to third-party partners

While attack vectors vary by organization, 64% traced infiltrations to desktop computers, and 45% cited laptop computers, which are also user-related.

The fact, that the insider threat still remains high is definitely a concern," says SANS Analyst and author of the survey Barbara Filkins.

"The good news," continues Filkins, "is that respondents are taking a more holistic approach at the infrastructure level, rather than just trying to mark a check box on their compliance list."

"I am definitely encouraged by the fact that the focus for healthcare priorities is shifting to an operational emphasis, especially with the continued growth in attack surfaces," continues Filkins. "Security needs to be baked into clinical and other healthcare-related workflows, supported by improvements in application interfaces that promote the secure way as the easy way, and backed by appropriate monitoring and alerting capabilities."

Full results will be shared during a two-part webcast at 1 PM EDT on both July 20 and July 21, sponsored by Anomali, Carbon Black, ForeScout, Great Bay Software, Trend Micro, and WhiteHat Security, and hosted by SANS. Register to attend the July 20 webcast, which focuses on the assets most at risk, breaches against those assets, and how, in particular, cloud and mobile computing are changing the threat landscape, at and the July 21 webcast focusing on what the survey tells management in terms of priorities, breach management, controls and budgets at

Those who register for the webcast will also receive access to the published results paper developed by SANS Analyst and healthcare expert, Barbara Filkins.

Tweet This

Insider Threats and Breaches: SANS 2016 Healthcare Survey Results|2 Part Series 7/20-7/21 1PM ET|Register: #infosec

"Insider threats remain high concern among healthcare industry" -2 Part Webcast Series| 7/20-7/21 @ 1 PM ET| #infosec

Taking a holistic approach to prevent cyber attacks in the #healthcare industry |2 Part Webcast - 7/20-7/21 1PM ET|

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions world-wide. Renowned SANS instructors teach more than 60 courses at in-person and virtual cyber security training events and on demand. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (