Implications of internal data theft at hospitals: tips for preventing and handling data breaches by employees

By Marissel Descalzo, Gavrila A. Brotz

Internal data theft by employees at hospitals and health systems is a growing concern. Criminals are targeting low-level employees who have access to patient information at the hospital for the purpose of stealing the data for profit. What should you look for if you are trying to root out a potential data breach or prevent these kinds of breaches? What steps should you take if a breach occurs? Data security and privacy attorneys Gavrila Brotz and Marissel Descalzo provide tips for uncovering data breach threats, best practices for conducting an internal investigation, what to do when a breach occurs, preventive measures, and cyber litigation trends in this 20-minute CFJB on Cyber podcast.

TRANSCRIPT

Marissel Descalzo: Thank you. Recently there’s been an increase in internal service data theft. Data breaches are not just the result of external threats. We are seeing an increased trend in hospital and health system employees who are now fully accessing and stealing patient information. The purpose of this is to sell the information and the reason is, it’s very profitable. Criminals are targeting low-level employees who have access to patient information such as people in the medical records department; transporters; people in admissions. Most of the time these individuals are either already employed by the hospital or some may be seeking employment for the specific purpose of assisting these data breach thieves. We’ve seen positions that have been targeted either hospital-based or even people seeking positions with third-party vendors in order to get access to this information.

Gavrila Brotz: So what do you look for if you are trying to root out a potential data breach or prevent these kinds of breaches?
Look for numerous general searches that are being performed by hospital employees or employees of vendors, searching for patients’ names or their dates of birth. Numerous successive searches in modules that provide you with demographic information without entering into a patient’s record or high volume of printing of demographic information or financial information of patients. For example, their face sheets or other screenshots with patients’ names, addresses, dates of birth and/or their Social Security numbers. It’s very common that these data breaches are ultimately found when an individual is pulled over by the police for a traffic stop and the policeman notices a large stack of face sheets from a hospital and it turns out that that’s what’s been going on. So the key is to find this before the traffic stop, to find this internally by seeking out and finding these kinds of searches or printing that’s going on by employees. So you want to identify them and investigate.

JANUARY, 2015 TSF