An NHS employee was found to have accessed the medical records of over 2,000 patients. The employee had legitimate access to the trust’s electronic health record system, but accessed the records over a period of 18 months with no legitimate reason for doing so.

Jan Van Vliet, VP and GM EMEA
InfoSec Expert
September 20, 2019 12:00 pm

For security analysts, spotting security incidents arising from within their company, which is arguably their own customer base, is particularly tricky because, like in this instance, the attacker may have legitimate access. If the credentials being inputted are valid, the same alarms are not raised as when an unauthorised user attempts entry from the outside. Deploying data-aware cyber security solutions removes the risks around the insider threat because even if an adversary has legitimate access to data, they are prevented from copying, moving or deleting it. What’s important when it comes to insiders, in whatever guise, is to be able to detect malicious or suspicious activity and produce real-time, priority alerts that analysts know must be addressed immediately.

Barry Shteiman, VP Research and Innovation
InfoSec Expert
September 20, 2019 11:57 am

Organisations need to be able to detect unusual activity from valid machines and users, which is why behavioural analytics has grown so quickly over the last couple of years. While standard security technology focuses on “can you access this data?”, behavioural analytics focuses on “should you be accessing this data?” – this is much more useful for detecting threats in the NHS, which can compromise entire corporate machines. Behavioural analytics is also the only way to get real insight into the insider threat. It can tell an organisation when someone is doing something that is unusual and risky, on an individual basis and compared to peers.
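As an added illustration of the "individual basis and compared to peers" check described in the comment above (this is not part of either expert's comment and not any vendor's product), the Python example below scores weekly distinct-record counts from a health record audit log against each user's own history and against colleagues in the same role. The user names, the `ward_nurse` role, the counts, the MAD floor of 1 and the 3.5 threshold are all assumptions chosen for the example.

```python
from collections import defaultdict
from statistics import median

# Constructed weekly counts of distinct patient records opened per user
# (hypothetical users sharing one hypothetical role); not real data.
SAMPLE_COUNTS = {
    "alice": [20, 22, 19, 21, 20, 21],
    "bob":   [18, 20, 21, 19, 22, 20],
    "carol": [21, 19, 20, 22, 18, 19],
    "dave":  [44, 46, 45, 47, 45, 46],   # steadily high for the whole period
    "erin":  [20, 21, 19, 20, 22, 60],   # sudden jump in the latest week
}

def sample_events():
    """Expand the counts into audit events: (week, user, role, patient_id)."""
    return [(week, user, "ward_nurse", f"{user}-w{week}-p{i}")
            for user, counts in SAMPLE_COUNTS.items()
            for week, n in enumerate(counts, start=1)
            for i in range(n)]

def distinct_patients(events):
    """Return {(user, role): {week: number of distinct patients opened}}."""
    seen = defaultdict(lambda: defaultdict(set))
    for week, user, role, patient in events:
        seen[(user, role)][week].add(patient)
    return {k: {w: len(p) for w, p in weeks.items()} for k, weeks in seen.items()}

def robust_z(value, baseline):
    """Median/MAD z-score; MAD is floored at 1 (assumption) to avoid dividing by zero."""
    med = median(baseline)
    mad = max(median(abs(v - med) for v in baseline), 1.0)
    return 0.6745 * (value - med) / mad

def flag_week(events, week, threshold=3.5):
    """Flag users whose count for `week` is high against their own history or their peers."""
    counts = distinct_patients(events)
    flagged = {}
    for (user, role), weeks in counts.items():
        own = [n for w, n in weeks.items() if w < week]
        peers = [wk.get(week, 0) for (u, r), wk in counts.items() if r == role and u != user]
        mine = weeks.get(week, 0)
        reasons = [name for name, base in (("self", own), ("peer", peers))
                   if len(base) >= 3 and robust_z(mine, base) > threshold]
        if reasons:
            flagged[user] = reasons
    return flagged

print(flag_week(sample_events(), week=6))
```

In this constructed data `dave` is flagged only by the peer comparison, because a pattern that has run for the whole observation window has already become his own baseline; `erin` is flagged by both comparisons.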

