[BreachExchange] OCR: Combat internal healthcare security threats with IAM policies

Audrey McNeil audrey at riskbasedsecurity.com
Tue Dec 26 19:52:35 EST 2017


http://searchhealthit.techtarget.com/blog/Health-IT-Pulse/OCR-Combat-internal-healthcare-security-threats-with-IAM-policies

The Office for Civil Rights (OCR) is urging healthcare organizations to
create effective identity and access management (IAM) policies to prevent
data breaches by former employees.

An IAM policy can help prevent healthcare security threats by making sure
that users only have access to appropriate data, and terminating that
access when they leave the company.

To combat insider threats, OCR emphasized the need for healthcare
organizations to terminate user accounts after an employee leaves to
prevent unauthorized access to protected health information (PHI). Any
laptops or smartphones should be returned, and PHI should be wiped from any
personal devices. OCR also recommended procedures to terminate a former
employee’s physical access to PHI, such as changing security codes or
combination locks and removing users from access lists.

OCR also recommends using logs to document when access is granted to a user
or when privileges are elevated. This documentation can be used when it is
time to terminate a former employee’s access after they leave the company.
The IT department or a designated security employee should be alerted when
an employee quits or is fired so that person’s access can be terminated.
Audit procedures should also be put in place to confirm that
IAM policies are being implemented.
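The log-driven deprovisioning and audit step above, as an added example that is not from the article or OCR: a log of grants, elevations and revocations is reconciled against an HR separation feed and a directory snapshot, so any access or enabled account a departed employee still holds surfaces as a finding. The log format, field names and all sample records are constructed.

```python
# Added example (not from the article or OCR): reconcile a log of access
# grants/elevations against HR separations. Formats and sample data are constructed.
from datetime import date

# Constructed access log: (date, user, action, resource).
ACCESS_LOG = [
    ("2017-03-01", "jdoe", "grant", "ehr-clinical"),
    ("2017-05-10", "jdoe", "elevate", "ehr-admin"),
    ("2017-06-15", "asmith", "grant", "billing-phi"),
    ("2017-09-02", "asmith", "grant", "vpn"),
    ("2017-10-20", "jdoe", "revoke", "ehr-admin"),
    ("2017-11-03", "bwong", "grant", "ehr-clinical"),
    ("2017-11-30", "bwong", "revoke", "ehr-clinical"),
]
# Constructed HR feed: user -> separation date (None = still employed).
HR_ROSTER = {"jdoe": "2017-11-15", "asmith": None, "bwong": "2017-11-30"}
# Constructed directory snapshot of accounts still enabled.
ENABLED_ACCOUNTS = {"jdoe", "asmith", "bwong"}

def outstanding_access(log, user):
    """Resources a user still holds per the log: every grant or
    elevation that was not later revoked."""
    held = set()
    for _day, who, action, resource in sorted(log):
        if who != user:
            continue
        if action in ("grant", "elevate"):
            held.add(resource)
        elif action == "revoke":
            held.discard(resource)
    return held

def offboarding_audit(log, roster, enabled, as_of):
    """Findings for employees separated on or before as_of (ISO date string):
    {user: {"account_enabled": bool, "revoke": [resources]}}.
    Users with nothing left to clean up are omitted."""
    cutoff, findings = date.fromisoformat(as_of), {}
    for user, separated in roster.items():
        if separated is None or date.fromisoformat(separated) > cutoff:
            continue
        revoke = sorted(outstanding_access(log, user))
        still_enabled = user in enabled
        if revoke or still_enabled:
            findings[user] = {"account_enabled": still_enabled, "revoke": revoke}
    return findings

if __name__ == "__main__":
    print(offboarding_audit(ACCESS_LOG, HR_ROSTER, ENABLED_ACCOUNTS, "2017-12-01"))
```

In the constructed data, bwong's resource grant was revoked but the account itself was never disabled, which is exactly the gap the audit is meant to catch.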

In 2016, insider healthcare security threats accounted for 71% of attacks,
and inadvertent actors caused nearly half of those. While that trend
appears to be reversing slightly in 2017, healthcare security threats from
internal sources accounted for 32.1% of data breaches in November,
according to Protenus. Hacking comprised 28.6% of breaches, and stolen or
lost records accounted for 25.0% of data breaches.

Altogether, there were 28 data breach incidents in November, down slightly
from a consistent trend of at least one breach a day since the beginning of
the year. Nine of those attacks were due to insider healthcare security
threats; seven involved insider error and two involved insider wrongdoing.
Eight of the attacks were due to hacking — although data was only available
for five — and four were due to loss or theft.