A medical centre in the United States has recently been hit with a substantial data breach, which is now believed to have originated from within the centre itself.
The Las Vegas Western Regional Center for Brain & Spine Surgery (WRCBSS) reported the breach on July 9, stating that 12,000 individuals have been impacted. Names, addresses, Social Security numbers and billing account numbers for the organisation were included in the stolen data.
The employee was working for the organisation in 2011 and 2012, and the breach occurred from November 28 through until June 29 2012.
According to WRCBSS, a former employee stole the sensitive data and used it for fraudulent purposes. Often, attackers seek to sell this information to the highest bidder.
"Presently, we are unable to identify the specific patients whose personal health information was actually stolen nor do we know which of those patients whose information was stolen was also used for fraudulent activities," WRCBSS office administrator Robin Hasty wrote in the patient notification.
"We are therefore notifying all patients whose personal information was in our billing system at the time of the breach."
The organisation reviewed internal policies and procedures, and also investigated technology safeguards. Impacted individuals were also notified as part of the procedures.
It's often hard for businesses to predict insider breaches, especially from former employees. Frequent security audits are one of the best ways to guarantee safety, as they're able to check the security of a business network.
For example, a business may find that a system containing sensitive customer information is open to staff who don't require access.
In addition, these audits can pick up on any potential security concerns before they occur, and put appropriate fixes in place. Dealing with a small business security audit is far better alternative to handling the fallout from a substantial data breach.