The Case of the Missing Laptop - Exabeam

The Case of the Missing Laptop

Published
March 24, 2015

Author
Mark Seward

Missing (or stolen) laptops are a big deal, but, they are an even bigger deal in the heathcare vertical. The HIPAA/HITECH act essentially updated HIPAA in 2009 to take into consideration electronic health records (EHR) data as the industry continues to move from paper to electronic recordkeeping.

The HITECH Act now imposes data breach notification requirements for unauthorized uses and disclosures of “unsecured PHI.” These notification requirements are similar to many state data breach laws related to personally identifiable financial information (e.g. banking and credit card data) but with a twist. Under the HITECH Act “unsecured PHI” essentially means “unencrypted PHI.” If a breach impacts 500 patients or more then HHS must also be notified. Notification will trigger posting the breaching entity’s name on HHS website. Under certain conditions local media will also need to be notified.

At one of our recent deployments, a customer was faced with this exact problem. A manager was let go from the healthcare company but his laptop was not recovered as a part if his dismissal. For seven tense days the search was on with the quesiton looming, will we have to post this as a self inflicted data breach on the HHS website. Normally, as described by the security team, they’d use their not-so-up-to-date asset database, the anti-virus server and a few Splunk searches to try to find the laptop.

Exabeam was able to show the laptop as having moved to another network zone and had been recovered by a different team. This kept the healthcare company from erroneously reporting the laptop as lost and potentially a physical data breach per HIPAA/HITECH.

Want to get a demo — Just press the button below!



The Demo Button

Recent Information Security Articles

New CISO? 5 Things to Achieve In Your First 90 Days

Read More

Our Customers Have Spoken: Exabeam named a 2021 Gartner Peer Insights™ Customers’ Choice for SIEM

Read More

What Is XDR? Transforming Threat Detection and Response

Read More

Exabeam Cyberversity: A Resource for Cybersecurity Professionals

Read More

XDR Security: 10 Ways XDR Enhances Your Security Posture

Read More



Recent Information Security Articles

7 Detection Tips for the Log4j2 Vulnerability

Read More

New CISO? 5 Things to Achieve In Your First 90 Days

Read More

5 Security Questions to Consider this Holiday Season

Read More

Our Customers Have Spoken: Exabeam named a 2021 Gartner Peer Insights™ Customers’ Choice for SIEM

Read More

What Is XDR? Transforming Threat Detection and Response

Read More