A 12-count indictment against an engineer illustrates more needs to be done to protect and store healthcare data. Wenfeng Lu is accused to stealing data related to development of medical devices for cardiac and vascular treatment, according to a HealthcareInfoSecurity.com report.
"Many companies do not pay enough attention to how they monitor employee data issues and generally do not pay enough attention to addressing these kinds of insider risks," privacy attorney Kirk Nahra, of Wiley Rein, told HealthcareInfoSecurity.com.
The government believes Lu took the data from two different medical device companies at which he worked--ev3/Covidien and Edwards Lifesciences Corp. While court documents detail security efforts at the companies--from access limitations and to confidentiality agreements--Lu managed to conduct illicit data downloads. He also photographed gear.
"Healthcare organizations should consider whether to include all forms of confidential information, not just electronic protected health information, in an enterprisewide information security risk assessment that identifies both insider and outside threats," privacy attorney Adam Greene of the law firm Davis Wright Tremaine, told HealthcareInfoSecurity.com. Article