Why Insider Breach Prevention Needs to Stay Top-of-Mind
- by 7wData
Why Insider Breach Prevention Needs to Stay Top-of-Mind
Several recent health data security incidents serve as reminders of why healthcare entities need to stay focused on efforts to prevent and detect insider breaches even as attention is diverted by headlines about hacker attacks and ransomware.
For instance, last week, St. Charles Health System in Bend, Oregon, began notifying nearly 2,500 patients that a caregiver - over a period of about 27 months - was found to have accessed individuals' electronic medical records without authorization.
In a statement, the healthcare system says it launched an investigation on Jan. 16 and conducted an audit of all of the patient files accessed by the caregiver, concluding the insider may have inappropriately reviewed files containing patients' names, addresses, dates of birth, health insurance information, driver's license numbers and health information such as diagnoses, physicians' names, medications and treatment information.
While St. Charles Health says the employee has since "signed an affidavit stating that she has never used or shared any of the confidential patient information for the purpose of committing fraud, financial crimes or other crimes against the patients whose records were among those she viewed," the assurance apparently wasn't enough for local law enforcement officials.
On March 17, the day after St. Charles Health issued its statement about the incident, Deschutes County District Attorney John Hummel issued his own release saying he had launched a criminal investigation into the apparent breach.
"I was dismayed to learn via media reports that apparently a St. Charles employee impermissibly accessed records of thousands of patients," Hummel said. "An alleged breach of this magnitude should have been reported to local police so that a proper criminal investigation could be conducted - as far as I'm aware this did not happen."
Hummel added that his office is working with local law enforcement "to ensure that all relevant facts are detected and then conduct a legal analysis to determine if any criminal laws were violated."
Neither Hummel's office nor St. Charles Health immediately responded to my requests for comment.
St. Charles Health is just the latest in a seemingly endless string of healthcare entities at the center of law enforcement investigations as a result of insider-related breaches. And as we all know, many health data breaches - including those committed by insiders - also result in lawsuits filed by breach victims.
[Social9_Share class=”s9-widget-wrapper”]
Upcoming Events
Shift Difficult Problems Left with Graph Analysis on Streaming Data
29 April 2024
12 PM ET – 1 PM ET
Read MoreCategories
You Might Be Interested In
Applying Predictive Analytics: The Role of Artificial Neural Networks in Predicting Alzheimer’s Disease
29 Dec, 2016This monthly blog highlights and discuss emerging trends and challenges related to healthcare data and its ever changing life cycle. …
Blockchain, IoT, Artificial Intelligence Poised to Shake Up Healthcare
27 Oct, 2016Only a few short years ago, healthcare organizations were wondering what exactly “big data” was and why they had to …
Penn Signals Big Data Analytics Helps Penn Medicine Improve Patient Care
15 Sep, 2016Compared to other industries, healthcare as a whole has been a late adopter of big data predictive analytics. This may …
Recent Jobs
Do You Want to Share Your Story?
Bring your insights on Data, Visualization, Innovation or Business Agility to our community. Let them learn from your experience.