Information Security News mailing list archives

Healthcare Unable To Keep Up With Insider Threats


From: InfoSec News <alerts () infosecnews org>
Date: Wed, 2 May 2012 01:47:37 -0500 (CDT)

http://www.darkreading.com/insider-threat/167801100/security/news/232901235/healthcare-unable-to-keep-up-with-insider-threats.html

By Ericka Chickowski
Contributing Editor
Dark Reading
May 01, 2012

April has been a brutal month for healthcare breaches, with three major breaches disclosed accounting for nearly 1.1 million records lost. The thread woven throughout each has been the role of insiders--both malicious and inept--in triggering the incidents.

In one case at the Utah Department of Health, approximately 780,000 Medicaid records were exposed due to the misconfiguration of a server containing these files. Human error also accounted for the loss of 315,000 patient records at Emory Healthcare, when 10 backup disks went missing from a storage facility at Emory University Hospital. Meanwhile, at South Carolina's Department of Health and Human Services, the insider threat event took a more malicious turn as an employee sent 228,000 Medicaid patient records to himself via email. The investigation is still ongoing, but the employee, Christopher Lykes, has already been both fired and arrested by the South Carolina State Law Enforcement Division for his malfeasance.

According to experts, these three incidents are representative of the types of consequences healthcare organizations face when they fail to address insider threats through improved employee screening, monitoring, data controls and security awareness training. According to Rick Dakin, CEO of the IT security consulting firm Coalfire Systems, over half of the insider incidents his company investigates involve an insider in some way, shape or form.

"It's not typically malicious--the bulk of the insider threat is lack of knowledge. Users access data, leave data on systems, and it's not maliciously intended," says Dakin, who says that regardless of intent, insider incidents tend to occur due to the same weaknesses. "The insider threat follows the same vector: lack of access controls. A lack of monitoring. The lack of data loss prevention tools. There's a series of control breakdowns that allow insider threats to maliciously or just through human error and mistake access data and compromise the data."

[...]

