DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Reducing insider breaches – what works?

Posted on January 2, 2013 by Dissent

Over the past year, I’ve had the opportunity to talk to a number of people in different organizations who are concerned with insider breaches in the health care sector.  One of those people is Kurt Long, CEO and Founder of FairWarning, a firm that provides patient privacy monitoring (privacy breach detection) systems.

So, here’s a little pop quiz to start this post:

  1. What percent of insider breaches are reduced by employee training on HIPAA and review of access policies?
  2. What percent of insider breaches can be reduced by installing monitoring software?
  3. What percent of insider breaches can be reduced if you actually enforce policies and discipline employees?

Ready for his answers?

According to data compiled by FairWarning using before-and-after data on their clients:

  • Employee training can reduce insider breaches by 58%
  • Monitoring the network for improper access is crucial, but may not significantly change the culture until combined with
  • Disciplining or sanctioning employees, which effectively communicates that employee access is being monitored and inappropriate access will have serious consequences.

Monitoring and enforcement can reduce insider breaches by another 40%.

Overall, within a 6-month period, FairWarning’s clients experience an 85- 98% reduction in insider breaches, Long says.

That’s good advertising for them, and I’m sure readers will point out that their statistics, based on a non-random sample, may be somewhat self-serving. But their findings should also be food for thought for your practice or organization.

This past year, I blogged a lot about  insider breaches in the healthcare sector. While strengthening firewalls against external threats is critical, as is training employees not to fall for phishing schemes and not to leave PII on unencrypted devices in unattended vehicles, some of the standard security precautions – like encrypting PHI – really do nothing to reduce breaches by those who are authorized to access patient data. FairWarning’s data suggest that a strong employee training program combined with monitoring access and making a point of enforcing discipline so that everyone gets the message might reduce the vast majority of insider privacy breaches.

But while creating a culture in which employees understand that they might or will lose their jobs for inappropriate access is important, I think it’s also crucial that those in the health care sector see more examples of employees being criminally prosecuted for snooping or other inappropriate access. California has been in the forefront of pursuing cases of snooping, while the federal government has been in the forefront of prosecuting cases involving patient data used for Medicare fraud and tax refund fraud.  Unfortunately, many prosecutions for  fraud do not name the hospital or health care provider whose employee(s) engaged in illegal conduct. Perhaps if they did, organizations of all sizes would be more concerned about potential reputation harm and would take more aggressive steps to prevent insider breaches. Even if an entity is not named, however, such breaches can incur significant breach costs and affect patients’ confidence or trust in the entity to protect their sensitive information.

So what will your organization be doing in 2013 to reduce insider breaches?  And if your organization has implemented some effective strategies to reduce insider breaches, what are those strategies?

No related posts.

Category: Health Data

Post navigation

← Arabic News site Durar Shamiya Hacked, 50,000 Accounts Leaked
Tutu Foundation UK Hacked, Defaced by @SatanSec →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nova Scotia Power Data Breach Exposed Information of 280,000 Customers
  • No need to hack when it’s leaking: Brandt Kettwick Defense edition
  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched
  • Louis Vuitton Korea suffers cyberattack as customer data leaked
  • Hunters International to provide free decryptors for all victims as they shut down (2)
  • SEC and SolarWinds Seek Settlement in Securities Fraud Case
  • Cyberattacks Disrupt Iran’s Bread Distribution, Payments Remain Frozen
  • Hacker with ‘political agenda’ stole data from Columbia, university says
  • Keymous+ Hacker Group Claims Responsibility for Over 700 Global DDoS Attacks
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t
  • Oregon Amends Its Comprehensive Privacy Statute
  • Wisconsin Supreme Court’s Liberal Majority Strikes Down 176-Year-Old Abortion Ban

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.