Health IT Pulse

Dec 22 2017   2:46PM GMT

OCR: Combat internal healthcare security threats with IAM policies

Tayla Holman Tayla Holman Profile: Tayla Holman

Tags:
Data breach
OCR

The Office for Civil Rights (OCR) is urging healthcare organizations to create effective identity and access management (IAM) policies to prevent data breaches by former employees.

An IAM policy can help prevent healthcare security threats by making sure that users only have access to appropriate data, and terminating that access when they leave the company.

To combat insider threats, OCR emphasized the need for healthcare organizations to terminate user accounts after an employee leaves to prevent unauthorized access to protected health information (PHI). Any laptops or smartphones should be returned, and PHI should be wiped from any personal devices. OCR also recommended procedures to terminate a former employee’s physical access to PHI, such as changing security codes or combination locks and removing users from access lists.

OCR also recommends using logs to document when access is granted to a user or when privileges are elevated. This documentation can be used when it is time to terminate a former employee’s access after they leave the company. The IT department or a designated security employee should be alerted when an employee quits or is fired so that person’s access to be can be terminated. Audit procedures should also be put in place to confirm that IAM policies are being implemented.

In 2016, insider healthcare security threats accounted for 71% of attacks, and inadvertent actors caused nearly half of those. While that trend appears to be reversing slightly in 2017, healthcare security threats from internal sources accounted for 32.1% of data breaches in November, according to Protenus. Hacking comprised 28.6% of breaches, and stolen or lost records accounted for 25.0% of data breaches.

Altogether, there were 28 data breach incidents in November, down slightly from a consistent trend of at least one breach a day since the beginning of the year. Nine of those attacks were due to insider healthcare security threats; seven involved insider error and two involved insider-wrongdoing. Eight of the attacks were due to hacking — although data was only available for five — and four were due to loss or theft.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: