The largest concern of any healthcare organization is protecting patient personal data. Every year healthcare entities of all sizes become victims of data leaks and lose thousands of dollars. This happens mainly due to employees misbehaving, or simple human error.
Michael Fimin, CEO and co-founder of Netwrix in Irvine, Calif.: The human factor is not an easy one to control; it presents IT professionals with many challenges. One example is the North Carolina Deparment of Health and Human Services, where an employee sent an unencrypted email containing confidential data and there was no way to check if the email had been intercepted during transmission. This incident forced the organization to notify more than 1,600 individuals their personal information, including names and identification numbers, might be compromised. DHHS wasn't using an automatic data encryption tool at that time. The department had been pinning its hopes on reminders to employees to encrypt emails containing confidential information before sending them. The moral we can draw from this story is there's no need to hope every user listens to your claims and pleas. When building a really strong security posture, imagine your users are more like the kids in the kitchen, rather than mature professionals. If you don't want bad things to happen, you'd better hide all the knives and always keep an eye on what they are doing, including making unauthorized changes to sensitive data.