Riverside Health System, which oversees five hospitals and numerous other health care centers in the Chesapeake area, announced a possible data breach this week. This came following the arrest of T’sha Riddick, a former employee, who has been charged with stealing credit card information from cancer patients.
It is believed that Riddick improperly accessed patient information at the practice through the company’s computer systems.
Riddick was hired as an unlicensed medical assistant at Riverside in 2012, which meant she wasn’t screened for her previous background. Little did they know that, in 2005, Riddick had pleaded guilty to credit card fraud and obtaining property by false pretenses in North Carolina.
If Riddick is convicted, Riverside Health System will have breached the Health Insurance Portability and Accountability Act (HIPAA). HIPAA was enacted in 1996 to make it easier for people to keep their health insurance when they change jobs, to protect the confidentiality and security of health care information, and to help the health care industry control its administrative costs. Health care organizations have a duty (by law) to abide by HIPAA and secure patients’ data. Riverside could be faced with severe monetary penalties if found to be in breach of HIPAA.
Human fallibility has been recognized as a significant driver in information security incidents. According to The Insider Threat, certain employees can pose a significant and increasing problem for organizations. This pocket guide raises questions that many organizations ignore:
- How exposed is your company to the risk of a malicious attack by a discontented or psychologically unbalanced employee?
- What precautions have you taken to ensure that your IT systems cannot be manipulated for purposes of insider fraud?
- What steps do you need to take to prevent your IT systems from falling prey to organized crime through someone who has been planted within your firm or someone who is being threatened or bribed?
Just this year, the IBM Security Services 2014 Cyber Security Intelligence Index Report found that 95% of all investigated incidents recognize human error as a contributing factor.
Riverside spokesman Peter Glagola said in a news release, “Keeping patient information protected is vital at Riverside…We are looking at ways to improve our monitoring program with more automatic flags to protect our patients.”
Keep your confidential data secure and your employees on the level.