It Took a Massachusetts Hospital 14 Years To Detect a Data Breach

An anonymous reader shares a report: To make matters worse, even after all that time -- it wasn't the medical center itself that discovered the incident. Tewksbury Hospital learned of the breach in the spring of 2017. It hasn't found any evidence to suggest the security incident resulted in attackers misusing patients data. Even so, it believes the event compromised the security of affected individuals' personal and medical information. As the state-run institution explains in a statement: "In April of this year, a former patient expressed concern that someone may have accessed their electronic medical record inappropriately. A review conducted in response to this complaint revealed that one hospital employee appeared to have accessed the former patient's records without a good reason to do so. This discovery led to a broader review of the employee's use of the electronic medical records system at Tewksbury Hospital. As a result of this review, we were able to determine that the employee appeared to have inappropriately accessed the records of a number of current and former Tewksbury Hospital patients."

Re:Weapons Grade Negligence

[bobbied]

Oh please.. It was an INSIDER who did this and apparently wasn't out downloading mass amounts of data all at once. How do you distinguish between an insider doing their job and this? I'm just amazed that they kept the access logs for 14 years so they could go back and audit this one user.

You want every hospital in the world to put in strict access monitoring and then have a team that does nothing but monitor and verify each and every data access? Talk about expensive and adding to healthcare costs, for what? Certainly this won't have a positive affect on healthcare delivered...

Re:Weapons Grade Negligence

[K.+S.+Kyosuke]

The people who were responsible for information security should receive the death penalty for such egregious negligence.

Probably those MUMPS anti-vaxxers again...