just google protenus data and you can find it. this is relatively consistent. between 25 and 40% of breaches are due to insiders. that's an individual thread of some legit mall -- legitimate access entities that. when i was the lowest of the low medical student in my white coat that could access any medical record of any individual who ever passed through my institution and that was not because my institution was unique in this respect. that is true of virtually every single health institute in the world. the reason emergency access you need to be able to get access very quickly. you also have to have extremely complex of armed with where practically using access control as i'm sure somebody in the audience have been thinking about is too complex to tackle with that type of threat. this insider threats served as insider threats served as one week underappreciate that leads to a huge proportion of the breaches we see all the time. as far as who is the most vulnerable this may come as no surprise but obviously the lion's share his hospitals themselves. this is no

while a lot of information today i'm presenting come some research that we done at protenus and some of the work that we are currently building a new america, i'm speaking on behalf of of either of those organizations state. really just talking from my experience and providing perspective on the challenges that we see in this space. i guess to content choice of this because sometimes we talk about cybersecurity they can be a little bit too much bits and bytes and people in hoodies. the first thing i always think about what i think about in health care cybersecurity is the patient i had when i was in medical school. i was fortunate to work in a clinic that focused on treating hiv-positive patients in baltimore when i was in med school. one of the things you learned quickly about this population other than their not so the wonderful really complex rewarding population to work with is to have extraordinary concerns around the privacy and security of the information. they will go to extreme lengths to make sure people do not find out about their diagnosis, the treatment or their coworker

just google protenus and you can find it. but huge proportion, this is relatively consistent, between 25-40% of breaches are due to insiders. that is individuals with some legitimate level of access to electronic health record and abuse that access. i for instance, when i i was at the lowest of the low medical student like dorky little white coat, i could access any medical record of any individual who ever passed through the walls of my institution. that was not because the institution was unique in this respect. that is to basically everything health system in the world. the reason is because for emergency access you need to be able to get access to the er quickly. you've extremely complex environments where proactively using access control as i'm sure some of you in the audience may be thinking about is really a failed paradigm. too complex to tackle. this insider threat surface one we often underappreciated but one we see all the time. as far as who is most vulnerable, this may come as no surprise, but obviously the lion'

breachogle protenus barometer. breaches5 and 40% of are due to insiders. that is individuals who have some legitimate level of access to the electronic health record and abuse that. when i was a medical student with my white coat, i could access any medical record of any individual who passed through the walls of my institution. that is not because my institution was unique. that is true of basically any health system in the world. for emergency access, you need to be able to get access very quickly. you also have complex environments where proactively using role-based access control is a failed paradigm. it is too complex to tackle with that kind of a threat. this insider threat is one we often underappreciated, but it is one that leads to a huge proportion of the breaches. who is most vulnerable? hospitals share is themselves. this is not because hospitals are lazy we do not care about the problem. they care an extraordinary amount. hospitals are often running on razor thin margins. their technology investment is not always what they want it to be. they