Clinic Breach Involved Authorized User
Experts Offer Insights on Preventing Insider Incidents
… The incident at Children’s Medical Clinics of East Texas spotlights some of the challenges involved with preventing breaches involving authorized users, says Tom Walsh, founder of the consulting firm tw-Security.
“In this case, it is extremely difficult to prevent an authorized user from snooping or accessing patient records in an unauthorized manner,” Walsh says. “This is especially a problem in smaller healthcare environments.” That’s because an individual may have multiple job responsibilities or roles, allowing them to have broader access privileges, he says. “Therefore, organizations would have to rely on detecting an inappropriate access of patient records through auditing and monitoring of user activities.”
Walsh also notes that preventing “screen scraping or capturing screen shots is also a difficult security control to implement because it may interfere with other business processes.”
To help battle insider breaches, Walsh suggests that organizations conduct random audits of user activities.
“Today, most healthcare organizations only review audit logs when there is an incident, [if they] suspect unauthorized behavior or when there is a complaint or an investigation,” he says. “Most smaller organizations lack the tools needed to sift through the volumes of audit logs to detect any inappropriate behaviors.”
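The kind of audit-log triage Walsh describes does not need a commercial tool to get started. The following is an added example, not code from the article or from tw-Security: it reads a constructed EHR access log (the field names, the sample events, and the encounter table that records which users have a care relationship with which patients are all assumptions made for the example), flags the patterns a reviewer would look at first (access with no treatment relationship on record, access to a patient sharing the user's surname, after-hours access, and bursts of many distinct records in one hour), and draws a random sample of user-days for the periodic manual audits the article recommends.

```python
"""EHR access-audit triage over a constructed audit log (added example).

Assumed log format (hypothetical, CSV):
    timestamp,user,role,patient_id,patient_surname,action
Assumed lookup tables: ENCOUNTERS (user -> patient ids with a documented
care/billing relationship) and USER_SURNAME (user -> surname).
"""
import csv
import io
import random
from collections import defaultdict

# Constructed sample audit log; not real patient or user data.
AUDIT_LOG = """\
timestamp,user,role,patient_id,patient_surname,action
2016-03-01T08:02:00,jdoe,nurse,P100,Smith,view
2016-03-01T08:05:00,jdoe,nurse,P101,Jones,view
2016-03-01T12:40:00,jdoe,nurse,P250,Doe,view
2016-03-01T13:10:00,mlee,clerk,P300,Garcia,view
2016-03-01T13:11:00,mlee,clerk,P301,Lee,print
2016-03-01T22:15:00,mlee,clerk,P302,Brown,view
2016-03-01T22:16:00,mlee,clerk,P303,White,view
2016-03-01T22:17:00,mlee,clerk,P304,Green,view
2016-03-01T22:18:00,mlee,clerk,P305,Black,view
"""

# Constructed: documented treatment/billing relationships per user.
ENCOUNTERS = {
    "jdoe": {"P100", "P101"},
    "mlee": {"P300", "P301"},
}

# Constructed: surname of each workforce member, for self/family lookups.
USER_SURNAME = {"jdoe": "Doe", "mlee": "Lee"}


def parse_log(text):
    """Parse the CSV audit log into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


def flag_events(events, encounters, user_surname,
                after_hours=(20, 6), burst_threshold=4):
    """Group events by review reason. Returns {reason: [items]}.

    after_hours is (start_hour, end_hour) of the window treated as off-shift.
    burst_threshold is the number of distinct patients one user may touch
    within a single clock hour before the hour is flagged.
    """
    flags = defaultdict(list)
    per_user_hour = defaultdict(set)
    start, end = after_hours
    for e in events:
        hour = int(e["timestamp"][11:13])
        # 1. No documented care relationship between this user and patient.
        if e["patient_id"] not in encounters.get(e["user"], set()):
            flags["no_treatment_relationship"].append(e)
        # 2. Patient shares the user's surname: possible self/family lookup.
        if e["patient_surname"] == user_surname.get(e["user"]):
            flags["same_surname"].append(e)
        # 3. Access outside normal working hours.
        if hour >= start or hour < end:
            flags["after_hours"].append(e)
        # Track distinct patients per user per clock hour for burst detection.
        per_user_hour[(e["user"], e["timestamp"][:13])].add(e["patient_id"])
    # 4. Many distinct records in one hour: scanning rather than treating.
    for (user, hour_key), patients in sorted(per_user_hour.items()):
        if len(patients) >= burst_threshold:
            flags["burst"].append({"user": user, "hour": hour_key,
                                   "distinct_patients": len(patients)})
    return dict(flags)


def sample_for_review(events, n, seed=None):
    """Random audit: pick n user-days for manual review regardless of flags."""
    user_days = sorted({(e["user"], e["timestamp"][:10]) for e in events})
    rng = random.Random(seed)
    return rng.sample(user_days, min(n, len(user_days)))


if __name__ == "__main__":
    evts = parse_log(AUDIT_LOG)
    for reason, items in flag_events(evts, ENCOUNTERS, USER_SURNAME).items():
        print(f"{reason}: {len(items)} item(s)")
        for item in items:
            print("   ", item)
    print("random audit sample:", sample_for_review(evts, 1, seed=1))
```

The encounter table is the piece that makes this work: without a record of who is supposed to be treating whom, an analyst can only look at volume and timing, which is exactly the situation Walsh describes for a small practice where one person holds several roles. The random sample is deliberately independent of the flags so that reviewers also see ordinary-looking activity rather than only what a rule already caught.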
Walsh notes that HIPAA recommends that organizations conduct periodic background checks on employees. “Organizations many times only do the minimum background checks before hiring someone. But this initial investment upfront may save a lot of money later on if the employee proves to be untrustworthy,” he says.
“People change over time. An employee that had a clean background check for 10 years may be different today as people’s personal lives or circumstances change.”