Three employees at Tucson’s University Medical Center got fired for allegedly peeking at medical records in the shooting rampage that killed six people and left Congresswoman Gabrielle Giffords fighting for life.Here’s a snippet from The Arizona Daily Star:Three employees at Tucson’s University Medical Center have been fired for violating patient privacy in connection with accessing confidential medical records in the high-profile shooting rampage that killed six people and left Congresswoman Gabrielle Giffords in critical condition, hospital officials said. All the remaining injured patients from the shootings, including Giffords, are at UMC.“The hospital has terminated three clinical support staff members this week for inappropriately accessing confidential electronic medical records, in accordance with UMC’s zero-tolerance policy onpatient privacy violations,” says a statement issued by UMC officials this morning. A contracted nurse also was terminated by the nurse’s employer, officials say, and the families of the affected patients were notified.We’ve seen this sort of thing before, and it’s always sickening. At the same time, it’s human.Curiosity makes us do stupid things from time to time. If you work in a hospital and you have some famous patients, the urge to look at their confidential records must be overwhelming. It’s still wrong, though.I can tell you I’d never do such a thing. But who knows what kind of stupidity I might engage in if curiosity were to disable my moral compass.I’m glad I’m not in that position.That’s where my sympathy ends.Hospital officials were right to fire these people if they really did what they’re accused of. Curiosity will always tempt us to do dumb things, but in the end we know right from wrong and we have a choice. The people that were fired allegedly made a bad choice. This particular incident is getting headlines because it’s connected to a national tragedy. But it happens all the time.At one hospital in my home state, several doctors have been fired for looking at the confidential records of celebrity patients. One doctor was fired publicly. Officials at that hospital called their policy of firing people for this sort of thing “public hangings.”There’s plenty of identity and access management technology available to minimize these incidents.But in the end, if a reasonably smart person is burning with curiosity, they will find a way to break through the wall of privacy. My cousin made this point once after my aunt and grandmother’s house was broken into: “If someone wants to get in badly enough, they’ll do it — even if you have an alarm system.”That being the case, it comes down to how the organization responds to a breach of public trust.In this case, officials at University Medical Center appear to have done the right thing.–Bill Brenner Related content news Gwinnett Medical Center investigating possible data breach After being contacted by Salted Hash, Gwinnett Medical Center has confirmed they're investigating a security incident By Steve Ragan Oct 02, 2018 6 mins Regulation Data Breach Hacking news Facebook: 30 million accounts impacted by security flaw (updated) In a blog post, Facebook’s VP of product management Guy Rosen said the attackers exploited a flaw in the website's 'View As' function By Steve Ragan Sep 28, 2018 4 mins Data Breach Security news Scammers pose as CNN's Wolf Blitzer, target security professionals Did they really think this would work? By Steve Ragan Sep 04, 2018 2 mins Phishing Social Engineering Security news Congress pushes MITRE to fix CVE program, suggests regular reviews and stable funding After a year of investigation into the Common Vulnerabilities and Exposures (CVE) program, the Energy and Commerce Committee has some suggestions as to how it can be improved By Steve Ragan Aug 27, 2018 3 mins Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe