Hospital suffers data breach as employee steals over the course of seven years - expert comment
May 2016 by David Gibson, VP of strategy and market development at Varonis
It has been reported that an employee at UnityPoint Health-Allen Hospital was accessing files without authorisation over the course of about seven years, taking in names, health insurance information, and in some cases Social Security numbers.
Commenting on this breach, David Gibson, VP of strategy and market development at Varonis, said "Almost every organisation is vulnerable to insider threats – disgruntled employees, rogue administrators, employees who get phished or have their credentials stolen. Employees have access to a lot of sensitive data – usually far more than they need – and most organisations don’t track how they’re using it. Or abusing it.
Look at what’s happening with ransomware – one employee gets infected and then hundreds or thousands of files across network shares get encrypted – including files the employee should never have had access to in the first place. A poll by Varonis that reveals more than a third of healthcare IT workers’ organisations have been infected with ransomware – the easiest insider threat to spot (the only one that promptly announces its presence). Ransomware and unfortunate incidents like the one at UnityPoint should inspire many organisations to reduce broad, unnecessary access and start monitoring and analysing what employees are doing to spot insider threats."