Auditing works.
On June 7, Concord Hospital notified the New Hampshire Attorney General’s Office that through its routine auditing, it had detected that an employee had improperly accessed 40 patients’ records, 13 of which had Social Security Numbers in the files. The individuals were mostly relatives, friends, and acquaintances. The hospital discovered the breach on May 11 and notified those whose records were improperly accessed.
While this was most likely a case of snooping and not intent to commit identity theft or fraud, it serves as a useful reminder of you don’t know what you’ve got until you look.