This is a slightly different version of a breach. A Montefiore Medical Center employee stole information on patients and sold it to her confederates for as little as $3 a record. According to ABC News, during 2012 and 2013, 32 year old Monique Walker printed out thousands of patient’s records including names, socials, birth dates and other personal information. Ms. Walker, as a clerk on the hospital, had credentials that gave her access to these patient records. (see article).
Some thoughts about this –
- There was no break in. Ms. Walker had credentials
- As a clerk in the hospital did she really need access to all this information? Sounds like they were not effectively managing permissions.
- While she is accused of stealing information on 12,000 people, she is accused of stealing “more than” $50,000 by buying merchandise at places like Macys and Victoria’s Secret. $50,000 / 12,000 patients is only $4.25 per patient – not a very good return; especially if they paid $3 for the information. Of course, we don’t know what more than means.
- The good news is that they actually caught her and her accomplices.
Montefiore Medical Center is the teaching hospital for the Albert Einstein College Of Medicine. It is one of the 50 largest employers in New York state. This is not something that can be blamed on “not knowing” or not having the skills to fix it.
What this points to is that, while high tech crime is on the rise, risk is risk and if they didn’t put controls in place to stop an assistant clerk from printing out personal financial information on 12,000 patients, we probably should not ask about the rest of their security.