*2.1.6 Internal threats*

Besides external cybersecurity threats, healthcare providers sometimes have to face internal threats as well. These internal threats to the organizations are either due to human error or as a result of a breach of an employment contract. According to several case studies, there are three types of internal attacks: the carelessness/ negligence of employee or contractor, the criminal or malicious insider, and the credential thief (imposter risk) [28].
