The patient privacy monitoring software used by the organization completely missed the breach and it was only discovered by an employee whistleblower.
"The employee was looking up information related to friends and family — but those particular things were not picked up [by the privacy auditing software]."The privacy officer said random audits by their privacy breach detection software "will look for last names, or it might look for the same address." But the software completely missed that the "employee was looking up information related to friends and family".
- Vice-president of privacy for the organization
Most commercial privacy breach detection products use static rules that miss many types of privacy breaches. But Veriphyr's dynamic clustering behavioral analytics, available as low-cost on-demand SaaS services, can proactively detect this and other complex breach types.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.Sources:
(a) Insider tipped Eastern Health to latest privacy breach - www.CBC.ca,05/14/2014