The Case of the Missing Laptop - Exabeam

The Case of the Missing Laptop

Published
March 24, 2015

Author
Mark Seward

Missing (or stolen) laptops are a big deal, but, they are an even bigger deal in the heathcare vertical. The HIPAA/HITECH act essentially updated HIPAA in 2009 to take into consideration electronic health records (EHR) data as the industry continues to move from paper to electronic recordkeeping.

The HITECH Act now imposes data breach notification requirements for unauthorized uses and disclosures of “unsecured PHI.” These notification requirements are similar to many state data breach laws related to personally identifiable financial information (e.g. banking and credit card data) but with a twist. Under the HITECH Act “unsecured PHI” essentially means “unencrypted PHI.” If a breach impacts 500 patients or more then HHS must also be notified. Notification will trigger posting the breaching entity’s name on HHS website. Under certain conditions local media will also need to be notified.

At one of our recent deployments, a customer was faced with this exact problem. A manager was let go from the healthcare company but his laptop was not recovered as a part if his dismissal. For seven tense days the search was on with the quesiton looming, will we have to post this as a self inflicted data breach on the HHS website. Normally, as described by the security team, they’d use their not-so-up-to-date asset database, the anti-virus server and a few Splunk searches to try to find the laptop.

Exabeam was able to show the laptop as having moved to another network zone and had been recovered by a different team. This kept the healthcare company from erroneously reporting the laptop as lost and potentially a physical data breach per HIPAA/HITECH.

Want to get a demo — Just press the button below!



The Demo Button

Recent Information Security Articles

Five Steps to Effectively Identify Insider Threats

Read More

Detecting the New PetitPotam Attack With Exabeam

Read More

The Challenges of Today’s CISO: Navigating the Balance of Compliance and Security

Read More

Human Managed Selects Exabeam to Drive Faster Decision-making

Read More

Exabeam Successfully Completes the Annual System and Organization Controls SOC 2 Type II Audit

Read More



Recent Information Security Articles

SIEM Gartner: Get the 2021 Magic Quadrant Report

Read More

Five Steps to Effectively Identify Insider Threats

Read More

Detecting the New PetitPotam Attack With Exabeam

Read More

The Challenges of Today’s CISO: Navigating the Balance of Compliance and Security

Read More

Human Managed Selects Exabeam to Drive Faster Decision-making

Read More