Insiders played a role in healthcare data breaches
April has been a brutal month for healthcare, with three major breaches disclosed accounting for nearly 1.1 million records lost. The thread woven throughout each has been the role of insiders -- both malicious and inept -- in triggering the incidents.
In one case at the Utah Department of Health, approximately 780,000 Medicaid records were exposed due to the misconfiguration of a server containing these files. Human error also accounted for the loss of 315,000 patient records at Emory Healthcare, when 10 backup disks went missing from a storage facility at Emory University Hospital. Meanwhile at South Carolina's Department of Health and Human Services, an employee sent 228,000 Medicaid patient records to himself via email. The investigation is still ongoing, but already the employee, Christopher Lykes, was fired and arrested by the South Carolina State Law Enforcement Division for his malfeasance.
According to experts, these three incidents are representative of the types of consequences healthcare organizations face when they fail to address insider threats through improved employee screening, monitoring, data controls, and security awareness training. According to Rick Dakin, CEO of the IT security consulting firm Coalfire Systems, more than half of the insider incidents his company investigates involve an insider in some way, shape, or form.