Ensuring compliance with regulatory requirements is a challenge for any company. The healthcare industry faces particular scrutiny ensuring patient information is secure, and confidentiality is not compromised. Similar to the Health Insurance Portability and Accountability Act (HIPPA) in the United States, St. MargaretŐs Somerset Hospice must conform to Caldicott principles, a set of guidelines established in England and Wales to ensure National Health Service (NHS) patient information remains secure and confidential.
A data breach and the risk to Caldicott Principles compliance cried out for monitoring software at St. Margaret’s Somerset Hospice. Their data breach response secured their data but also allowed for comprehensive monitoring of confidential information to remain Caldicott Principle compliant. “
In the wake of a disconcerting data breach, implementing computer activity monitoring software became a top priority of St. Margaret’s management.
The first program we tried was based on Windows auditing, and it was a dismal failure, said Middleton. Then we noticed Veriato Cerebral. We worked with Veriato in the UK, setting up a demo, which looked good. We followed that with a trial to ensure Veriato met our needs in action, and it did.
Since purchasing Veriato, St. Margaret’s Somerset Hospice also revealed instances of intellectual property theft. One employee transferred data to removable media and took it when they left their job. The data was completely gone. They actually took the ONLY copy of a document in existence … on a USB stick, said Middleton. Using Veriato, we were able to demonstrate it was on removable media. And because we were able to show this, we were able to have it addressed by our legal department.
From the beginning, that’s what we were looking for, to be able to see and track actions taken on a specific document, said Middleton. “Using Search to create an audit trail, to see who might have accessed a specific document, which was the initial request we could not comply with … until we implemented Veriato Cerebral.
Veriato has definitely been worth the purchase and the effort. When you compare it to the price of other software necessary to get a computer up and running in a business environment, it’s priced right. Veriato is part of the overall picture, an essential part of our network.
Insider Risk – How Prepared Are You?
Not every company is equally prepared to deal with insider risk. This report outlines the four stages of insider risk maturity and explores how to improve your insider risk preparedness.