A Montefiore Medical Center employee in New York stole names, addresses, dates of birth, Social Security numbers, next of kin information and health insurance details of more than 12,000 patients and used those identities to purchase clothing and other merchandise from some of New York’s finest department stores. The Montefiore employee was the trusted insider who sold the stolen information to a ring of seven others who perpetrated the crimes.
The employee printed thousands of patients’ records and sold them for $3 per copy to her outside accomplices. The hospital had no way of preventing or controlling this activity. The employee and her accomplices are under arrest, but the hospital may face charges for violating HIPAA and patient privacy laws.
Stealing personal information by printing it is nothing new, but most organizations probably don’t focus on it as a risk. Most focus on hackers or trusted insiders stealing digital documents, since that’s where the news headlines tell us to look.
Taking a data-centric approach to your security can give you a more holistic view into how sensitive data is used in your organization. You could block printing or require approval prior to printing a document if the document contains sensitive information. Each printout can show a visible watermark showing who printed it, including company logo, user name, IP address, time, date and other identifying information. This allows you to know the source of a potential data breach and deters people from inappropriate behavior when handling sensitive patient information.
Here are some advantages of providing a data-centric security approach to printing:
The print security solution works with any physical or virtual printer eliminating problems of using different printers or printer drivers. A full audit trail of all print activities, including the text or image of the actual printed content, ensures complete control of your printing environment. This reduces your risk of exposing patient or other sensitive information.
If you are in healthcare, you need to protect printed PHI and other sensitive information from easily leaving your premises.