The Insider Threat – Lessons From 3 Incidents
How to Detect, Prevent Inappropriate Access by Authorized Users
… For hospitals and clinics, trying to identify unauthorized access to patient information “is like looking for a needle in a haystack,” says Tom Walsh, president of the consultancy tw-Security.
“That’s why an advanced audit tool – application/program – is needed. It acts like a large electromagnet to pull those needles from the haystack,” he says. “While intelligent audit tools are effective in finding inappropriate access, they can be costly to purchase and maintain … especially for smaller healthcare organizations. Also, the audit tools require dedicated staff time to review the reports.”
“To be effective, organizations need to have a written audit strategy or plan to address: What to audit, who to audit, when to audit, how to audit,” Walsh says.
… Most commercial audit log analysis tools have artificial intelligence capabilities that can identify inappropriate access, says Keith Fricke, principal of tw-Security. “Examples include detecting a user account accessing medical records in sequence, accessing records of a patient from a department that the worker does not work in, and comparing the address of a hospital worker to that of a patient to identify if neighbor snooping is occurring.”
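The three checks listed above can be sketched as rules run over an access log. This is an added example, not code from the article or from any commercial audit tool; the record schema, field names and sample data are constructed assumptions, and the address comparison is simplified to an exact match on street and postal code.

```python
from collections import defaultdict

# Constructed sample data (assumed schema, not from any real audit product).
STAFF = {
    "asmith": {"dept": "cardiology",  "street": "elm st",  "zip": "50309"},
    "bjones": {"dept": "radiology",   "street": "oak ave", "zip": "50310"},
    "clee":   {"dept": "dermatology", "street": "pine rd", "zip": "50311"},
}
PATIENTS = {
    1001: {"dept": "cardiology", "street": "main st", "zip": "50301"},
    1002: {"dept": "oncology",   "street": "lake dr", "zip": "50302"},
    1003: {"dept": "oncology",   "street": "hill rd", "zip": "50303"},
    1004: {"dept": "oncology",   "street": "park ln", "zip": "50304"},
    2050: {"dept": "radiology",  "street": "oak ave", "zip": "50310"},
}
# (timestamp, user, medical record number)
EVENTS = [
    ("2024-05-01T09:00", "asmith", 1001),
    ("2024-05-01T09:05", "bjones", 2050),
    ("2024-05-01T10:00", "clee", 1002),
    ("2024-05-01T10:01", "clee", 1003),
    ("2024-05-01T10:02", "clee", 1004),
]

def flag_access(events, staff, patients, run_length=3):
    """Return a sorted list of (user, mrn, reason) findings for human review."""
    findings = set()
    by_user = defaultdict(list)
    for _ts, user, mrn in sorted(events):
        by_user[user].append(mrn)
        worker, patient = staff[user], patients[mrn]
        # Rule: record belongs to a department the worker does not work in.
        if worker["dept"] != patient["dept"]:
            findings.add((user, mrn, "other-department"))
        # Rule: worker and patient share a street and postal code.
        if (worker["street"], worker["zip"]) == (patient["street"], patient["zip"]):
            findings.add((user, mrn, "neighbor"))
    # Rule: one account opens run_length or more consecutive record numbers.
    for user, mrns in by_user.items():
        run = [mrns[0]]
        for mrn in mrns[1:]:
            run = run + [mrn] if mrn == run[-1] + 1 else [mrn]
            if len(run) >= run_length:
                findings.update((user, m, "sequential") for m in run)
    return sorted(findings)

if __name__ == "__main__":
    for finding in flag_access(EVENTS, STAFF, PATIENTS):
        print(finding)
```

Each finding is a candidate for review rather than a verdict: roles that legitimately work across departments would need an allow-list before the department rule is usable.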