Kaiser fires 15 workers for snooping in octuplet mom's medical records
Another eight hospital employees disciplined for improperly accessing Nadya Suleman's files
Computerworld - A Kaiser Permanente hospital located in a Los Angeles suburb has fired 15 employees and reprimanded eight others for improperly accessing the personal medical records of Nadya Suleman, the California woman who gave birth to octuplets in January.
The unauthorized accessing of Suleman's electronic records at the medical center in Bellflower, Calif., violated a California law designed to safeguard the privacy of health care data, according to Kaiser spokesman Jim Anderson, who said the snooping incidents have been reported to the California Department of Public Health.
The improper activities were discovered as a result of increased network monitoring procedures that the hospital implemented in anticipation of the huge public interest in Suleman following the birth of the octuplets, Anderson said.
"We have known since she came into the hospital that at some point, this would be a fairly widely reported story," he said, adding that Kaiser also conducted extra training before Suleman was admitted to the hospital to remind employees about the importance of keeping patient data confidential.
Anderson said Suleman was first notified of the breaches about 10 days ago, initially to inform her that eight people had accessed her records without authorization. She later was told that Kaiser had found that an additional 15 employees had done so. There is little evidence thus far that any of the fired or disciplined workers accessed the files for any reason other than personal curiosity, Anderson said.
Suleman shot into the public and media spotlight when she became only the second person in the U.S. known to have delivered a set of living octuplets. At the time, Suleman was already the mother of six children — a fact that added an element of controversy to the births, fueling even more interest in her.
Data-snooping incidents such as the one at the Kaiser Permanente Bellflower Medical Center highlight the lack of adequate security controls that hospitals and other entities in the health care industry have for protecting patient records, said Deborah Peel, founder and chair of Patient Privacy Rights, a watchdog group in Austin.
"The state of health IT access controls is abysmal, atrocious and outdated," Peel said. She claimed that what happened at Kaiser "can and does happen" on a broad scale at hospitals across the U.S. because of their continued reliance on "primitive" security controls that haven't been updated in decades.
Unlike in industries such as the financial services sector, where role-based access control is the norm rather than the exception, a wide range of workers at health care providers can get access to patient data whether they need to have such access or not, according to Peel.
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Confront consumerization with convergence Virtualization expert Elias Khnaser spotlights the security, compliance, and governance issues that arise when enterprise users "consumerize" with shadow IT and public cloud...
- Live Webcast How to serve up a Grand Slam with a scalable IT Infrastructure for cloud, big data and advanced analytics Register today to attend this webcast, and see examples of how The U.S. Tennis Association, Wimbledon and U.S. Golf Association are using the...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Live Webcast IBM FlashSystem V840: Leveraging Software-Defined Flash to Drive Your Business With end-to-end, tightly integrated functionality and super-fast flash technology, products like IBM FlashSystem V840 Enterprise Performance Solution empower businesses to leverage the efficiency...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Knowledge Center White Papers | Webcasts