More than half of all healthcare data breaches reported during 2017 could be traced back to people on the inside of victim organisations, according to an annual study by Verizon.
The company's latest Protected Health Information Data Breach Report (PHIDBR) looked at 1,368 mostly US examples, identifying 782 (57.5 per cent) as having an insider element.
A further 571 (42 per cent) were external attacks, 80 (5.9 per cent) happened via partners, and 69 (5.1 per cent) involved collusion between entities on the inside or outside.
PHIDBR is a more detailed breakdown of data from Verizon's Data Breach Investigations Report from April and comes almost a year in arrears.
For 382 of the insider breaches no motive could be attributed, while more half were driven by money. More surprisingly, 94 insider breaches were caused by "fun/curiosity" – medical staff sneaking a look at the records of famous people, family members or acquaintances without authorisation.
Another 32 were caused by "convenience", or to quote Verizon's researchers: "When insiders do something that will make it easier for them to get their work done, but as a consequence also puts data at risk."
Bottom of the list of motivations were grudges, which accounted for 14 incidents, and espionage only 11.
Abuse of privileges was a factor in 254 (66 per cent) of insider incidents.
Looking at external breaches, the most popular way in was via stolen credentials in 33 (49.3 per cent) events, ahead of brute-forcing passwords at 11 (21 per cent), and backdoor exploits on 12 (18 per cent).
Social attacks – referred to sarcastically as security's "carbon layer" – loom unsurprisingly large, with phishing by far the biggest of these. Phishing was used in 72 attacks in this category, way ahead of bribery, extortion, and forgery.
Insider incidents are a universal problem, though "healthcare is the only industry in which internal actors are the biggest threat to an organization," the authors noted.