Freely subscribe to our NEWSLETTER

Amichai Shulman, Imperva’s CTO comments, “Dale Trever had been accessing the information between October 2008 and June last year and worryingly has only been caught now. With such a large system with very sensitive information in it, you would have expected the NHS to have some sort of alert system which monitors access and alerts in real-time when company policy is violated.”

Shulman continues “Just 6 months ago the NHS were exposed when it was found that as many as 140,000 non-medical staff, including porters and housekeepers, had access to sensitive NHS patient files. When there is a problem, a responsible organization should be able to assess the scope of the damage.”

“These incidents raise the fact again that the biggest issue related to insider threat is excessive privileges and the abuse of these privileges. This is a very though issue to resolve without an automated system that can alert when it detects abnormal behaviour. The UK health industry needs to update its access controls. With such a large number of sensitive records, doing this manually is obviously a near-impossible task so they will have to automate their process of user rights management.” adds Shulman.

Shulman advices “The system should be able to alert on an illogical access to a database by a user who should not be accessing the data. To avoid such incidents happening again in the NHS or for any organisation, they need to invest in a system that will:

1. Automatically update business policies according to normal usage

2. Remove excessive access controls to allow access only on a ‘business need-to-know’ level.

3. Detect abnormal behaviour.

4. Alerts on business policy violations

5. Presents the clear picture of how was it accessed, by whom and how was it accessed. “