Skip to main content

How Employees Can Also Pose Security Risks

 Articles:  

Miliard, Mike. “EHR Snooping at Montefiore Leads to Security Breach.” Healthcare IT News, February 1, 2021. https://www.healthcareitnews.com/news/ehr-snooping-montefiore-leads-security-breach.

Sutton, Scott. “Bethesda Hospital Hit by Security Breach; Patients' Private Information Possibly Impacted.” WPTV.com. WPTV, February 1, 2021. https://www.wptv.com/news/region-s-palm-beach-county/boynton-beach/bethesda-hospital-hit-by-security-breach-patients-private-information-possibly-impacted.

During the first week of February, two hospital systems, Montefiore Medical Center in The Bronx, NY, and Bethesda in Boynton Beach, FL, announced that they had experienced security breaches due to employee misconduct.  Montefiore case, a now former employee accessed the electronic health records (EHR) system and accessed patients' names, dates of birth, addresses, and potentially test results.  In the Bethesda case, an employee at the hospital accessed patient health records and altered a home health order.  The Montefiore breach happened between June and November 2020 and the Bethesda breach happened between June 2019 and December 2020.  Both were discovered in December 2020 and the employees were terminated.

These two incidents help to illustrate how employees can pose a security threat in healthcare settings.  In fact, according to a 2018 Verizon report, healthcare was the only industry where breaches due to inside threats outnumbered breaches due to outside threats.  In 2017, 56% of breaches were due to internal issues and of that 56%, 24% were due to employee misuse. (1) 

But what can be done about it?  The Verizon report recommends improving access logging so inappropriate access to records can be detected and changing employee permissions to make sure that no employee has access to information they don't need. (1)  Keystroke monitoring software could also be useful to detect problematic search terms.


1.  Jessica Davis, “Insider Threats, Human Error, Ransomware Are Healthcare's Biggest Risks, Verizon Report Says,” Healthcare IT News, April 10, 2018, https://www.healthcareitnews.com/news/insider-threats-human-error-ransomware-are-healthcares-biggest-risks-verizon-report-says.

Comments

Post a Comment

Popular posts from this blog

When Hacking is a Form of Statecraft

Article:   Johnson, Kevin. “'Criminal Syndicate with a Flag': North Korean Intel Operatives Charged in Hacking Campaign.” USA Today. Gannett Satellite Information Network, February 17, 2021. https://www.usatoday.com/story/news/politics/2021/02/17/us-charges-north-korean-intel-operatives-global-hacking-campaign/6781478002/. On February 17, 2021, the U.S. government charged three intelligence officials from the government of North Korea for participating in a global hacking campaign to steal $1.2 billion in crypto and regular currency.  According to the article, the investigation started after the 2014 Sony Pictures hack that led to the leaking of the movie The Interview but widened as investigators discovered what was described in the article as "a criminal syndicate with a flag representing the North Korean government."  The investigation also led to charges against a private citizen who was charged with organizing gangs of people using cloned ATM cards to steal mill...
Post a Comment
Read more

What else have we learned from the Solar Winds hack?

 Article:   “US imposes sanctions on Russia over cyber-attacks,” Yahoo! News . [Online]. Available: https://news.yahoo.com/us-poised-sanction-russia-cyber-041015589.html. [Accessed: 18-Apr-2021]. On April 18, 2021, the United States announced sanctions against Russia for its efforts to interfere in the 2020 election and for carrying out the Solar Winds hack.  In the announcement, the USA specifically blamed the Russian intelligence agency SVR for the hack. The sanctions target 32 Russian officials for trying to influence the 2020 election.  Additionally, 10 ambassadors were expelled and barred US financial institutions from doing business with Russian entities. This announcement harkens back to two previous entries of this blog on the Solar Winds Hack and Hacking as Statecraft .
Post a Comment
Read more

How Infrastructure Can Also be a Target for Cyber Terrorists

 Article: Evans, Jack. “Someone Tried to Poison Oldsmar's Water Supply during Hack, Sheriff Says.” Tampa Bay Times. Tampa Bay Times, February 10, 2021. https://www.tampabay.com/news/pinellas/2021/02/08/someone-tried-to-poison-oldsmars-water-supply-during-hack-sheriff-says/.  Businesses like Equifax aren’t the only entities vulnerable to hackers.  Water treatment plants can be too.  Case in point:  the hacking of the Oldsmar, FL water treatment plant.   On February 6, 2021, employees at the Oldsmar city water treatment plant noticed something strange:  the sodium hydroxide (lye) level had been changed in the computer managing the treatment plant into add 100 times more of the chemical to the water.  Lye is added to the water to control acidity but it is poisonous in higher levels.  Fortunately, the employees were able to change the lye level back to normal levels immediately before any damage was done.  Even if the employee hadn’t noticed...
Post a Comment
Read more