A Kaiser Permanente hospital has fired 15 workers for improperly accessing the medical records of Nadya Suleman.

In the latest example of employee data-snooping, a Kaiser Permanente hospital located in a Los Angeles suburb has fired 15 workers and reprimanded eight others for improperly accessing the medical records of Nadya Suleman, the California woman who gave birth to octuplets in January.

The unauthorized accessing of Suleman’s electronic records at the facility in Bellflower, Calif., violated a California law designed to safeguard the privacy of health care data, according to Kaiser spokesman Jim Anderson. He said the improper activities were discovered through increased network-monitoring procedures put in place by the hospital in connection with the birth of the octuplets.

Kaiser also conducted extra training to remind hospital employees of the need to keep patient data confidential, Anderson said.

The snooping incidents highlight the lack of adequate data-security controls at hospitals and other health care organizations, said Deborah Peel, who heads the Patient Privacy Rights Foundation in Austin. Peel claimed that such privacy breaches occur on a broad scale because of the health care industry’s continued reliance on “primitive” user-access controls. At large enterprises like Kaiser, she noted, thousands of workers may be able to access patient data, even if they don’t need to do so.

In a similar case, the medical center at the University of California, Los Angeles, disclosed last April that as many as 165 doctors and other workers had improperly accessed the medical records of numerous celebrities over a 13-year period. But such incidents aren’t restricted to the health care industry. In January 2008, federal officials disclosed that U.S. Department of State employees and contractors had snooped in the electronic passport records, including then-Sen. Barack Obama’s.

Jay Cline, president of Minnesota Privacy Consultants, thinks the “Facebook effect” is partly to blame. Users of social networks “have become used to poking through other people’s profiles,” Cline said, “and they see no ethical difference doing the same thing with employee and customer databases.”

He added that IT and security managers need to make three things clear to employees: “Our systems are not Facebook. We’re watching system usage closely. Use them for authorized purposes only, or you may be fired.”