We are in the last month of 2014, and we continue to hear about insider threats in the healthcare industry. In a recent headline, a hospital in Cleveland, Ohio reported that an employee improperly accessed medical and personal information of about 700 patients over a three-year period. The employee breached the hospital system’s electronic medical records, and was able to access names, home addresses, phone numbers, email addresses, medical and health insurance account numbers and other patient personally identifiable information.
It upsets me and probably a lot of the hospital patients that a spokesperson for the hospital said that “it appears the employee simply was snooping”. If an employee was just snooping for the past three years, there would be nothing to worry about. However it is obvious that there was more than snooping going around. Regardless, data has been stolen, and there was no mention if the information had been encrypted or monitored. Training, education and counseling of their employees in regards to privacy matters, in everyone’s guess is not enough. It has been said over and over again this year, especially because of the concern of insider threats. Any solution must protect the data itself no matter what. This is especially the case when we are dealing with insider threats.
If such information has been protected with DRM or digital rights management, such permission could be assigned on what this employee could and couldn’t do. In addition, the monitoring of this unusual behavior which obviously was not spontaneous was never brought to an administrator’s attention for the past 3 years. If identified then with a DRM protected document that contains patient’s confidential information the now former employee could have had his access revoked, as well.
We’ve said this over and over every time an insider threats has happened, and even more so in the health care industry. Patients continue to become impatient with the lack of security that these organizations have for their personal information. Make sure that you have the right solution to protect their sensitive information with data-centric solutions such as Fasoo Enterprise DRM.
Photo Credit: Jason Rosenberg