DataBreaches.Net


Reducing insider breaches – what works?

Posted on January 2, 2013 by Dissent

Over the past year, I’ve had the opportunity to talk to a number of people in different organizations who are concerned with insider breaches in the health care sector.  One of those people is Kurt Long, CEO and Founder of FairWarning, a firm that provides patient privacy monitoring (privacy breach detection) systems.

So, here’s a little pop quiz to start this post:

  1. What percent of insider breaches are reduced by employee training on HIPAA and review of access policies?
  2. What percent of insider breaches can be reduced by installing monitoring software?
  3. What percent of insider breaches can be reduced if you actually enforce policies and discipline employees?

Ready for his answers?

According to data compiled by FairWarning using before-and-after data on their clients:

  • Employee training can reduce insider breaches by 58%.
  • Monitoring the network for improper access is crucial, but may not significantly change the culture until it is combined with disciplining or sanctioning employees, which effectively communicates that employee access is being monitored and that inappropriate access will have serious consequences.

Monitoring and enforcement can reduce insider breaches by another 40%.
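As an added illustration (this is not FairWarning's product or any code from the post), here is the kind of audit-log check a patient privacy monitoring system runs: it flags chart access with no treatment relationship, lookups of a coworker's chart, and bursts of distinct-patient lookups. The log format, the care-team table, the staff-as-patient mapping and the thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample EHR audit log (timestamp user role patient_id action); not real data.
AUDIT_LOG = """\
2013-01-02T09:01:00 nurse_ann RN MRN1001 VIEW
2013-01-02T09:05:00 nurse_ann RN MRN1002 VIEW
2013-01-02T11:40:00 clerk_bob BILLING MRN1001 VIEW
2013-01-02T13:16:00 clerk_bob BILLING MRN1004 VIEW
2013-01-02T13:17:00 clerk_bob BILLING MRN1005 VIEW
2013-01-02T13:18:00 clerk_bob BILLING MRN1006 VIEW
2013-01-02T13:19:00 clerk_bob BILLING MRN1007 VIEW
2013-01-02T14:00:00 dr_eve MD MRN1003 VIEW
2013-01-02T22:30:00 dr_eve MD MRN1002 VIEW
"""
# Constructed treatment-relationship table: staff legitimately involved in each patient's care.
CARE_TEAM = {
    "MRN1001": {"nurse_ann", "clerk_bob"}, "MRN1002": {"nurse_ann"},
    "MRN1003": {"dr_eve"}, "MRN1004": {"dr_eve"}, "MRN1005": {"dr_eve"},
    "MRN1006": {"dr_eve"}, "MRN1007": {"dr_eve"},
}
# Constructed mapping of staff who are also patients: a coworker's chart is a classic snooping target.
STAFF_MRN = {"MRN1002": "nurse_ann"}

def parse(log_text):
    """Turn log lines into (time, user, role, mrn, action) tuples."""
    events = []
    for line in log_text.splitlines():
        ts, user, role, mrn, action = line.split()
        events.append((datetime.fromisoformat(ts), user, role, mrn, action))
    return events

def detect(log_text, care_team, staff_mrn, burst_n=4, window=timedelta(minutes=10)):
    """Return (rule, user, detail) alerts for accesses that warrant privacy-officer review."""
    alerts, by_user = [], defaultdict(list)
    for ts, user, role, mrn, action in parse(log_text):
        if user not in care_team.get(mrn, set()):           # access with no care relationship
            alerts.append(("NO_RELATIONSHIP", user, mrn))
        owner = staff_mrn.get(mrn)
        if owner and owner != user:                          # looking up a coworker's chart
            alerts.append(("COWORKER_RECORD", user, mrn))
        by_user[user].append((ts, mrn))
    for user, hits in by_user.items():                       # many distinct charts in a short window
        hits.sort()
        for i, (start, _) in enumerate(hits):
            seen = {m for t, m in hits[i:] if t - start <= window}
            if len(seen) >= burst_n:
                alerts.append(("RAPID_LOOKUPS", user, f"{len(seen)} charts in {window}"))
                break
    return alerts
```

Each alert is a starting point for review against the schedule and role, not a finding on its own; the value of the monitoring comes from the follow-up conversation the post describes.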

Overall, within a 6-month period, FairWarning’s clients experience an 85-98% reduction in insider breaches, Long says.

That’s good advertising for them, and I’m sure readers will point out that their statistics, based on a non-random sample, may be somewhat self-serving. But their findings should also be food for thought for your practice or organization.

This past year, I blogged a lot about insider breaches in the healthcare sector. While strengthening firewalls against external threats is critical, as is training employees not to fall for phishing schemes and not to leave PII on unencrypted devices in unattended vehicles, some of the standard security precautions – like encrypting PHI – really do nothing to reduce breaches by those who are authorized to access patient data. FairWarning’s data suggest that a strong employee training program combined with monitoring access and making a point of enforcing discipline so that everyone gets the message might reduce the vast majority of insider privacy breaches.

But while creating a culture in which employees understand that they might or will lose their jobs for inappropriate access is important, I think it’s also crucial that those in the health care sector see more examples of employees being criminally prosecuted for snooping or other inappropriate access. California has been in the forefront of pursuing cases of snooping, while the federal government has been in the forefront of prosecuting cases involving patient data used for Medicare fraud and tax refund fraud. Unfortunately, many prosecutions for fraud do not name the hospital or health care provider whose employee(s) engaged in illegal conduct. Perhaps if they did, organizations of all sizes would be more concerned about potential reputation harm and would take more aggressive steps to prevent insider breaches. Even if an entity is not named, however, such breaches can incur significant breach costs and affect patients’ confidence or trust in the entity to protect their sensitive information.

So what will your organization be doing in 2013 to reduce insider breaches? And if your organization has implemented some effective strategies to reduce insider breaches, what are those strategies?
