"We've been putting cameras on all entrances and exits, looking at using badge numbers for tracking purposes, and keeping a closer eye on what people are doing and where they are going," said Adam Le, director of IT infrastructure at Alliance Imaging, a healthcare testing specialist. "We're also contemplating things like fingerprint scanners and other biometrics and looking at encrypting all data at rest on laptops."
Companies walk a fine line in balancing the need to watch over their workers for security purposes and becoming too intrusive, the expert admitted. However, Le said that with businesses like Alliance facing mounting pressure from regulators to lock down every piece of patient data they record, employees must understand that the process is about protecting the firm and not about assessing personal work habits.
In another effort to deal with the insider threat, Alliance, which provides outsourced medical imaging capabilities to hospitals and other healthcare organizations, has added new user authentication and monitoring tools made by ConSentry to its IT environment.
By increasing security for remote workers and giving the firm a more detailed roadmap of file access activities carried out by its employees and customers, Le said he believes Alliance is finally getting ahead of the insider problem and arming itself with a way to keep everyone honest.
One of the most significant issues the company has dealt with in the past are efforts by insiders to view the records of famous or high-profile patients, activities that are directly at odds with the US Health Insurance Portability and Accountability Act medical data protection regulation.
In some cases, the incidents have been the result of mere nosiness, while in others, the firm suspects that workers may have been looking to share sensitive data with outsiders for a profit.
After conducting both technological and physical penetration tests on its operations, Le said that Alliance feels it is making the right moves to address the issue after augmenting its operations as such.
"With the threat of data theft for identity fraud or to get information on our high-profile customers, we had to work to get a better picture of who was accessing what files," said Le. "Since putting the tools in place, we've been able to track people down when they do something wrong, and I think that type of response travels among workers by word of mouth; overall those types of issue have almost disappeared now that people know that their activities will be monitored."