The $4.5 Million Insider Threat

In a recent headline, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), announced a $4.5 million settlement with Montefiore Medical Center over HIPAA violations.

This case sheds light on an issue rarely considered within the healthcare sector: insider threats.

In May 2015, the NY Police informed Montefiore that there was evidence of theft of patient medical information.

Upon investigation, Montefiore discovered that, two years earlier, one of its employees had stolen and sold the electronic protected health information (ePHI) of 12,517 patients to an identity theft ring.

OCR’s investigation revealed violations of the HIPAA Security Rule, including failure to conduct risk assessments, failure to monitor information system activity, and a lack of policies and procedures.

This is what organizations can do to avoid these incidents:

  • Develop a Comprehensive Risk Management Plan

  • Configure System Audit Logs

  • Monitor System Activity

  • Develop Policies for Log Auditing and Monitoring Systems
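The two middle items, configuring audit logs and actually monitoring them, are where the Montefiore incident would have been visible: one account pulling far more patient records than its job requires, possibly outside working hours. The following is an added example written for this page, not code from Inherent Security or from the original post. It reads constructed audit log lines in a hypothetical "timestamp user action patient_id" format, counts how many distinct patient records each user touched within a sliding window, and flags users who exceed a threshold or who access records outside business hours. The threshold, window and business-hours values are assumptions; in practice they come from role-based baselines and the EHR system's real audit trail format.

```python
"""Added example: flag anomalous patient-record access in application audit logs."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log (hypothetical format, not from the page):
# "<ISO timestamp> <user> <action> <patient_id>"
SAMPLE_LOG = [
    "2015-03-02T09:12:04 asmith VIEW P1001",
    "2015-03-02T09:15:40 asmith VIEW P1002",
    "2015-03-02T09:20:11 asmith VIEW P1001",   # repeat view of P1001, counted once
    "2015-03-02T10:02:55 asmith VIEW P1003",
    "2015-03-02T11:30:00 asmith PRINT P1003",
] + [
    # one user opening 30 different charts within half an hour, late at night
    f"2015-03-02T22:{m:02d}:00 bjones VIEW P2{m:03d}" for m in range(30)
]

BUSINESS_HOURS = (7, 19)  # assumption: 07:00 to 19:00 local time


def parse_line(line):
    """Split one audit line into (timestamp, user, action, patient_id)."""
    ts, user, action, patient = line.split()
    return datetime.fromisoformat(ts), user, action, patient


def max_distinct_in_window(events, window):
    """Largest number of distinct patient IDs one user touched in any window.

    events: list of (timestamp, patient_id) sorted by timestamp.
    Uses a two-pointer sliding window so the whole log is scanned once.
    """
    counts = Counter()
    best, left = 0, 0
    for ts, patient in events:
        counts[patient] += 1
        # drop events that fell out of the window on the left
        while ts - events[left][0] > window:
            old = events[left][1]
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            left += 1
        best = max(best, len(counts))
    return best


def analyze(lines, window=timedelta(hours=1), threshold=20):
    """Return (per-user report, list of (user, reason) alerts)."""
    per_user = defaultdict(list)
    after_hours = Counter()
    for line in lines:
        ts, user, _action, patient = parse_line(line)
        per_user[user].append((ts, patient))
        if not BUSINESS_HOURS[0] <= ts.hour < BUSINESS_HOURS[1]:
            after_hours[user] += 1

    report, alerts = {}, []
    for user, events in per_user.items():
        events.sort()
        peak = max_distinct_in_window(events, window)
        report[user] = {"max_distinct": peak, "after_hours": after_hours[user]}
        if peak > threshold:
            alerts.append((user, f"{peak} distinct patient records within {window}"))
        if after_hours[user]:
            alerts.append((user, f"{after_hours[user]} accesses outside business hours"))
    return report, alerts


if __name__ == "__main__":
    report, alerts = analyze(SAMPLE_LOG)
    for user, reason in alerts:
        print(f"ALERT {user}: {reason}")
```

Run against the sample, only bjones is reported (30 distinct records in under an hour, all after hours), while asmith's three distinct records stay well under the threshold even though one of them was opened twice. The point of the "policies" bullet is deciding, per role, what the threshold and window should be and who reviews the alerts; the detection logic itself is the easy part.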

But most importantly, look at your cybersecurity program from a holistic perspective, not just through the concerns we hear about on the news.

This ensures that we consider not only outside threats but also internal ones.

Questions about HIPAA?

Interact with our curated HIPAA GPT: HIPAA Expert ChatGPT

Download our Free HIPAA Compliance Guide: Scroll to Free Resources

L Trotter II

As Founder and CEO of Inherent Security, Larry Trotter II is responsible for defining the mission and vision of the company, ensuring execution aligns with the business purpose. Larry has transformed Inherent Security from a consultancy to a cybersecurity company through partnerships and expert acquisitions. Today the company leverages its healthcare and government expertise to accelerate compliance operations for clients.

Larry has provided services for 12 years across private industry, developing security strategies and managing security operations for Fortune 500 companies and healthcare organizations. He is an influential business leader who can demonstrate the value proposition of security and its direct link to customers.

Larry graduated from Old Dominion University with a bachelor’s degree in Business Administration with a focus on IT and Networking. Larry has accumulated certifications such as the CISM, ISO27001 Lead Implementer, GCIA and others. He serves on the Board of Directors for the MIT Enterprise Forum DC and Baltimore.

https://www.inherentsecurity.com