IT departments often focus on blocking attacks by outside hackers, but current and former employees often pose as much — if not more — of a threat. That was the lesson learned by one recent cybertheft victim.
Griffin Hospital, in Derby, Conn., has notified almost 1,000 patients that their sensitive health records may have been stolen.
According to Griffin, a former employee of the radiology department used passwords of other staff members to log into the hospital’s patient records system. The folks whose passwords were used didn’t know the hacker had their passwords or how he got them.
The hospital discovered the breach after getting complaints from patients that the physician had contacted them and encouraged them to have radiology services performed elsewhere, Healthimaging.com reports.
As this story shows, businesses need to be aware of the threat posed by ex-employees. IT and HR departments need to work together to make sure access is removed as soon as someone’s employment is terminated.
Also, companies should train all employees on good password practices. Most folks don’t think it’s a big deal if a co-worker learns their passwords, but as this case shows, you never know who’s going to use the log-in information for malicious purposes.