If you thought that maybe, just maybe, we could end 2015 without another medical provider experiencing a data breach, well, your optimism is saluted. Considering that the healthcare industry experienced over 180 breaches in the first six months of 2015 alone, it comes as no surprise that Northwest Primary Care has announced that the records for 5,372 patients have been compromised.
What should not be brushed under the table, however, is that this wasn’t a recent breach. NWPC is reporting that these records were stolen between April 2013 and December 2013, leaving one to question how it took the company a full two years to detect the incident. The perpetrator? None other than a former employee.
When Background Checks Aren’t Sufficient
It is not clear whether or not the individual worked with the company at the time of the breach, or how he might have used the patient records. But considering how NWPC has reference checks, background checks, and strict compliance procedures, the company’s breach should be taken as a warning sign to other companies who are content with resting on their laurels.
With an average of one healthcare data breach each day, it’s hard not to become jaded with security as a whole. It can very easily seem like being concerned with security is a lost cause; the breaches are going to occur whether or not money and time is invested in protection anyway, right? Well, not exactly.
The Threat At Home
The problem with most organizations is that they put so much emphasis on creating ironclad firewalls and exterior protection for their security systems that they lose sight of a threat that goes unnoticed: employees. You are free to protect your castle with a mile-long moat filled with hungry sharks, but if your attackers are already in the castle lobby, your clichéd shark initiative was executed in vain. Unsurprisingly, insider threats are quickly overtaking outside hacking efforts to become the primary security risk to organizations.
We may all have ideas and opinions on which co-worker would be most likely to turn on an employer. Traditionally, these thoughts tend to be based on trivial personality traits and preconceived notions. What if there was a way to analyze employees without bias and look at raw data and behaviors on their own merits, though? To create user profiles that document both ordinary work functions and suspicious activities? User Monitoring software would certainly be incomparably helpful at a time like this…