How can an insider threat interact with HIPAA regulated information?

June 19, 2018
Health IT

Malicious Insider – The malicious insider is dangerous and has ill intentions. They may be a disgruntled or angry employee seeking to damage or harm your company through insider sabotage. This insider causes direct harm to your organization and may delete EPHI or transfer it off-site to leak it. According to CIO Insight, 55% of malicious insiders are looking to monetize sensitive data.

Real case example:

● UCLA Health System experienced a breach when a fired surgeon accessed their medical record database on over 300 occasions. The ex-surgeon illegally accessed and viewed the EHR of coworkers, supervisors, and celebrities.

Professional Insider – This insider may be an employee, but took the job simply to exploit data. This individual makes a living from exploiting companies by stealing and selling sensitive data. The professional insider is calculated and may have stolen data from an organization before.

Real case example:

● A hospital employee was arrested and fined in 2014 for illegally accessing and disclosing EPHI and EHR. The employee convicted of this crime had the intent of selling this information for personal profit.


How to prevent insider threat and HIPAA violation
Isaac Kohen
The digitization of healthcare data is both a blessing and a curse. Adopting a proactive, forward-thinking approach through awareness, policies, and technology enables your healthcare entity to actively monitor and prevent the insider threat. Successfully preventing and detecting each insider threat may not be possible, but executing data security efforts is necessary for HIPAA compliance. OCR further stresses appropriate access to data, as well as creating and managing end user accounts, to protect against the insider threat and maintain HIPAA compliance. The examples stated in this article are everyday opportunities for an insider threat to interact with and exploit HIPAA-regulated information.


Isaac Kohen is the founder and CEO of Teramind, an employee monitoring and insider threat prevention platform that detects, records, and prevents malicious user behavior, in addition to helping teams drive productivity and efficiency.
