It seems like the majority of health data breaches I read about are via insiders with access to patient information systems stealing and selling their data.
Federal authorities say Sergei Kusyakov, who was involved with Metro Chiropractic and Wellness Center and City Lights Medical Center, illegally obtained private information about patients through Dale Munroe II and his wife, Katrina Munroe, who worked at Florida Hospital’s Celebration campus.
Authorities said Dale Munroe accessed more than 763,000 records for patients treated at various Florida Hospital locations. He focused on patients who were in automobile accidents, and inappropriately reviewed in detail more than 12,000 patient records.
The interesting part of this is that first it was the husband stealing the data, then when he was fired, his wife took up the work. I would think that there would have been better monitoring of her data access in this case, given the highly-sensitive nature of the data.
Does your organization sufficiently monitor data access to sensitive data? Are you told that you should be using production data for testing of IT development solutions? Do you know that may be illegal in some jurisdictions?
I’ve always refused to accept production data for testing purposes. I think if all data professionals would do that, it would help everyone understand just how risky it was.
Loving your data involves protecting it, too. It’s our job as data professionals to ensure organizations do that.