Healthcare // Security & Privacy
News
4/7/2014
09:06 AM
Connect Directly
RSS
E-Mail

Colleagues In Cuffs: When Employees Steal Patient Records

The Queens County DA recently arrested two Jamaica Hospital employees for stealing patient data, a lucrative crime occurring at hospitals across the nation.

Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
4/11/2014 | 10:19:31 AM
Re: Identifying unhappy employees
Studies have shown money isn't always the most important part of keeping employees happy and engaged. That said, people should (IMHO) earn a livable wage, especially when they're in a career that's involved training and education. 
Gary Scott
50%
50%
Gary Scott,
User Rank: Strategist
4/10/2014 | 1:38:10 PM
Employee Data Theft
Employees don't need to be unhappy, greedy or unethical to cause a data breach – information that is lost, stolen or compromised – just misinformed.    

The amount of information stolen by employees is a fraction of the information lost during the computer recycling process.  Why?  Companies usually rely on low-level employees to dispose of old IT equipment.  In turn, those employees rely on the local electronic recycling company to remove equipment and, only as a secondary part of the process, erase or destroy hard drives. 

One of the most common causes of data getting in the wrong hands is NOT the loss of mobile devices.  Research has shown that up to 30% of computer equipment purchased in the secondary market – think eBay – contains confidential information.  There are currently 115,000 used hard drives listed on eBay, which does not include whole PCs, laptops, servers and storage equipment.  The math does not look good for secure data.
BobH088
50%
50%
BobH088,
User Rank: Apprentice
4/9/2014 | 8:12:08 PM
security solution

One of the most common causes of data getting in the wrong hands is the loss of mobile devices that often contain a frightening amount of private information. I want to share a protection option that worked for me. Tracer tags (mystufflostandfound.com) let someone who finds your lost stuff contact you directly without exposing your private information. I use them on almost everything I take when I travel like my phone, passport and luggage after one of the tags was responsible for getting my lost laptop returned to me in Rome one time.
Shane M. O'Neill
50%
50%
Shane M. O'Neill,
User Rank: Author
4/7/2014 | 5:00:11 PM
Re: Identifying unhappy employees
"Installing firewalls and locking down databases doesn't work if thieves have the keys or designed the infrastructure." 

Another reason to keep IT staff happy!

But seriously, worker unhappiness is often a hard thing for even the most conscientious managers to detect. An employee could be unhappy but also quite competent and good at concealing his or her emotions. Displays of "active disengagement" and undermining others work are the real red flags and that's where a smart, observant manager is the company's best ally. At the same time, IT must fortify the hospitals systems and only allow employees access to the data they need for their jobs. And also monitor suspicious activity regularly. As Allison mentioned in her comment, savvy managers and strong tech are the best medicine.

 

 
Gary_EL
50%
50%
Gary_EL,
User Rank: Ninja
4/7/2014 | 3:01:17 PM
Re: Identifying unhappy employees
Well, anyone trying to get by on $12 an hour is bound to be unsatisfied and unhappy, so that means that almost everyone is a "suspect". There's a lesson to be had here, and that is, you can and should tighten up computer system security, but you can't control the human heart.
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
4/7/2014 | 10:52:55 AM
Re: Identifying unhappy employees
I am not sure, but that's a great question. Just because employees are unhappy, it doesn't automatically mean they'll go on to do something unethical, either. Most unhappy workers will either stay where they are or start looking for new employment. It's only a certain percentage that will proactively sabotage their organization. 

In reading and writing about this in the past, a lot comes back to strong, good managers who know their teams and can sense when something is amiss. It also involves implementing the right technology tools to ensure individuals are accessing only the data they need, as often as they need to, and that alarms go off when someone appears to be doing something odd -- copying info, sharing data, accessing info they don't need, etc. It's more difficult when IT is the one doing the misdeeds, of course, but the combo of savvy managers, well-trained employees who are alert to oddities (like a $12/hour colleague who drives a 2014 Porsche and wears Armani), and strong tech will help. 
David F. Carr
50%
50%
David F. Carr,
User Rank: Author
4/7/2014 | 9:57:52 AM
Identifying unhappy employees
Is there any science to identifying the unhappy/disengaged employees who might be the source of patient data theft problems? Is unhappiness really the key? I'd think some sort of psychological screening for ethical thinking would be more important. But I don't know how you measure either happiness or ethics on an ongoing basis, other than to pay attention to those individuals who are openly grumbling.
<<   <   Page 2 / 2
Healthcare Data Breaches Cost More Than You Think
Healthcare Data Breaches Cost More Than You Think
Healthcare providers just don't get it. They refuse to see the need to fully secure their protected health information from unauthorized users -- and from authorized users who abuse their access privileges. As a result, they don't allocate enough budgetary resources for securing medical data.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July 22, 2014
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A UBM Tech Radio episode on the changing economics of Flash storage used in data tiering -- sponsored by Dell.
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.