The Case of the Missing Laptop - Exabeam

The Case of the Missing Laptop

Published
March 24, 2015

Author
Mark Seward

Missing (or stolen) laptops are a big deal, but, they are an even bigger deal in the heathcare vertical. The HIPAA/HITECH act essentially updated HIPAA in 2009 to take into consideration electronic health records (EHR) data as the industry continues to move from paper to electronic recordkeeping.

The HITECH Act now imposes data breach notification requirements for unauthorized uses and disclosures of “unsecured PHI.” These notification requirements are similar to many state data breach laws related to personally identifiable financial information (e.g. banking and credit card data) but with a twist. Under the HITECH Act “unsecured PHI” essentially means “unencrypted PHI.” If a breach impacts 500 patients or more then HHS must also be notified. Notification will trigger posting the breaching entity’s name on HHS website. Under certain conditions local media will also need to be notified.

At one of our recent deployments, a customer was faced with this exact problem. A manager was let go from the healthcare company but his laptop was not recovered as a part if his dismissal. For seven tense days the search was on with the quesiton looming, will we have to post this as a self inflicted data breach on the HHS website. Normally, as described by the security team, they’d use their not-so-up-to-date asset database, the anti-virus server and a few Splunk searches to try to find the laptop.

Exabeam was able to show the laptop as having moved to another network zone and had been recovered by a different team. This kept the healthcare company from erroneously reporting the laptop as lost and potentially a physical data breach per HIPAA/HITECH.

Want to get a demo — Just press the button below!



The Demo Button

Recent Information Security Articles

How Attackers Leverage Pentesting Tools in the Wild

Read More

The Differences between SIEM and Open XDR

Read More

Why I Joined Exabeam

Read More

Exabeam Growth and the Opportunity Ahead

Read More

Expand Coverage Against Threats with Exabeam Content Library and TDIR Use Case Packages

Read More



Recent Information Security Articles

Expand Coverage Against Threats with Exabeam Content Library and TDIR Use Case Packages

Read More

Demystifying the SOC, Part 2: Prevention isn’t Enough, Assume Compromise

Read More

How Attackers Leverage Pentesting Tools in the Wild

Read More

The Differences between SIEM and Open XDR

Read More

Why I Joined Exabeam

Read More

Exabeam Growth and the Opportunity Ahead

Read More