By: Mike Spinney, CIPP – Privacy Analyst, Ponemon Institute
Here’s a brazen bit of breachery from the Miami Herald.
It’s a neat little proposition: for a flat monthly fee, a data broker (of sorts) acquires medical records from a hospital employee and passes them through to a personal injury lawyer for a fee plus a percentage of his lawsuit earnings.
Apparently the scheme went on for two years before the hospital employee blabbed about it. Luckily for Miami-area residents, someone with a clearer moral compass recognized the crime and told authorities.
This isn’t all that different from the revelation that UCLA Medical Center employees were abusing their access privileges to snoop the files of celebrity patients, either for their own amusement or to pass info along to the tabloids.
While both stories are a reminder of the serious threat posed by malicious insiders, the Jackson Memorial case offers another lesson: don’t overlook the importance of personal ethics in your security strategy.
We have no information about the security and ID/access management technologies in place at Jackson Memorial, and we don’t know if the person who tipped the police was a co-worker. But we do know that someone who knew right from wrong had the moral courage to do the right thing when confronted with information related to misconduct.
Good, consistent training and an ongoing awareness campaign – along with a visible example set from the top down – can have a positive effect on your company’s overall security program (and at a very reasonable cost). We cannot emphasize enough the importance of creating a security-conscious culture within every organization.
Mike Spinney, Senior Privacy Analyst, CIPP
Mike Spinney is a senior privacy analyst with the Ponemon Institute, a research organization dedicated to advancing responsible information and privacy management practices in business and government. He works closely with founder Dr. Larry Ponemon to develop a better understanding of and new approaches to responsible information management. Spinney serves on the Ponemon Institute’s RIM Council and is a frequent author and speaker on data privacy issues.
Spinney’s work on privacy has appeared in Privacy Advisor, 1to1: Privacy, RFID Journal, CSO, Computerworld, and other industry publications, and he has addressed audiences including the Privacy Summit, Secure Boston, Secure Chicago, IAPP/ISC(2) Security Series, INTERPHEX, and SecureWorld. He is a frequent media resource on privacy issues and has been quoted extensively by such media as the San Francisco Chronicle, BBC, Inc. Technology, Popular Science, American Medical News, Security Management, IDG News Service, SC Magazine, and many more.
The Value of a Clear Moral Compass - Mike Spinney's Blog