
Insider Threats: In the Healthcare Sector

Organizations are often too preoccupied with defending the integrity of their company and network from external threats to address the very real and dangerous risk that may lie within their own organization: insiders. The insider poses a threat because the legitimate access they have or had to proprietary systems exempts them from traditional cybersecurity defenses, such as intrusion detection devices or physical security. They may also know the network setup and its vulnerabilities, or be able to obtain that knowledge, better than almost anyone on the outside. While some insiders are simply careless, others cause destruction with malice. The insider threat concept encompasses a variety of employees: from those who unknowingly click on a malicious link that compromises the network, or lose a work device containing sensitive data, to those who maliciously give away access codes or purposely sell PHI/PII for profit.


An insider victimized one Texas hospital when an employee built a botnet, using the hospital network, to attack rival hacking groups. The individual was eventually caught after he filmed himself staging an “infiltration” of the hospital network and then posted it on YouTube for public viewing. The video clearly shows the individual using a specific key to “infiltrate” the hospital, which revealed his identity as Jesse McGraw, a night security guard of the building. The investigation revealed that McGraw had downloaded malware onto dozens of machines, including nursing stations with patient records. Additionally, he installed a backdoor in the HVAC unit; had the unit failed, it would have caused damage to drugs and medicines and affected hospital patients during the hot Texas summer. McGraw pled guilty to computer tampering charges and is serving a 9-year sentence in addition to paying $31,000 in fines.


The best way to detect an insider threat is often other insiders. Training your users and employees on how to recognize and report an insider threat, and on how to avoid inadvertently becoming one, is the best way to protect your organization. There are many open source resources on insider threats with training programs and educational materials for organizations and their employees. These include explanations of what suspicious activity and behavioral changes employees should look for in colleagues, and when and to whom to report it. The Carnegie Mellon CERT tracks insiders and is a great place to start.