The statistics are startling: In April 2012 alone, three major security breaches that hit the Utah Department of Health (UDH), Emory Healthcare and South Carolina’s Department of Health and Human Services accounted for nearly 1.1 million records lost.

And it was the work of insiders.

According to an article entitled “Healthcare Unable to Keep Up with Insider Threats” by Ericka Chickowski on the Dark Reading website, the three incidents are typical of “the types of consequences healthcare organizations face when they fail to address insider threats through improved employee screening, monitoring, data controls, and security awareness training.”.

These insider threats were and are potentially malicious and at the very least inept. In the case of the UDH, records were exposed due to the misconfiguration of a server containing the files. At Emory, human error accounted for the loss of a significant number of patient records when 10 backup disks went missing. In South Carolina, a DHHS employee (who has since been fired and arrested) sent thousands of Medicaid patient records to himself in an email.

The healthcare industry, by and large, “has been notoriously incapable of pinpointing risks in general, let alone those from insiders,” the article offers. Sourcing the problem is difficult because these security holes include loss or theft of portable devices such as laptops, smartphones, external drives and backup tapes; actual theft by data thieves; and simple staff ignorance in terms of security, protocol and training.

With solutions available today, those institutions could easily tell the difference between intentional and non-intentional privacy violations, achieve full regulatory compliance, and pass any audit with real-time user activity log files. As the “insider threat” continues to grow right along with the healthcare industry, major steps will need to be taken to stanch the flow of lost and misappropriated records that can and will lead to increased fraud and identity theft. The time to act is now.

To learn more about Attachmate’s Luminet enterprise fraud management software please visit http://www.attachmate.com/Products/efm/luminet/luminet.htm.

Stratfor specializes in “strategic intelligence on global business, economic, security and geopolitical affairs,”

It appears Stratfor failed to encrypt any of its credit card information, despite promises “to maintain safeguards to protect the security of these servers and your personally identifiable information,” according to its privacy policy.”

http://www.scmagazine.com/anonymous-shreds-intelligence-firm-stratfor-in-latest-hack/article/220781/?DCMP=EMC-SCUS_Newswire

I just wonder when will corporations and their executives start being held criminally liable for such egregious security blunders? Until then, there is very little reason for many of them to change….just my two pennies. Sales point is that no one is safe and all should at least entertain a conversation with you about your security solutions, right?

Happy New Year.