[ISN] Healthcare Unable To Keep Up With Insider Threats

From: InfoSec News <alerts_at_private>
Date: Wed, 2 May 2012 01:47:37 -0500 (CDT)
http://www.darkreading.com/insider-threat/167801100/security/news/232901235/healthcare-unable-to-keep-up-with-insider-threats.html

By Ericka Chickowski
Contributing Editor
Dark Reading
May 01, 2012

April has been a brutal month for healthcare breaches, with three major 
disclosed breaches accounting for nearly 1.1 million records lost. The 
thread woven throughout each has been the role of insiders--both 
malicious and inept--in triggering the incidents.

In one case at the Utah Department of Health, approximately 780,000 
Medicaid records were exposed due to the misconfiguration of a server 
containing these files. Human error also accounted for the loss of 
315,000 patient records at Emory Healthcare, when 10 backup disks went 
missing from a storage facility at Emory University Hospital. Meanwhile, 
at South Carolina's Department of Health and Human Services, the insider 
threat event took a more malicious turn as an employee sent 228,000 
Medicaid patient records to himself via email. The investigation is 
still ongoing, but the employee, Christopher Lykes, has already been 
both fired and arrested by the South Carolina State Law Enforcement 
Division for his malfeasance.

According to experts, these three incidents are representative of the 
types of consequences healthcare organizations face when they fail to 
address insider threats through improved employee screening, monitoring, 
data controls and security awareness training. According to Rick Dakin, 
CEO of the IT security consulting firm Coalfire Systems, over half of 
the insider incidents his company investigates involve an insider in 
some way, shape or form.

"It's not typically malicious--the bulk of the insider threat is lack of 
knowledge. Users access data, leave data on systems, and it's not 
maliciously intended," says Dakin, who says that regardless of intent, 
insider incidents tend to occur due to the same weaknesses. "The insider 
threat follows the same vector: lack of access controls. A lack of 
monitoring. The lack of data loss prevention tools. There's a series of 
control breakdowns that allow insider threats to maliciously or just 
through human error and mistake access data and compromise the data."

[...]


Received on Tue May 01 2012 - 23:47:37 PDT