The Rising Internal Threat

News that hospital workers viewed more than 60 patients' health records at the University of California, Los Angeles, Medical Center is another reminder that employees and contractors pose the greatest security threats to personal information, as security experts point out. Last month, the State Department announced that the passport files of the three presidential hopefuls had been accessed by contractors working for the department but who did not have authorization to access the files. State acknowledged that the files had been breached after a reporter contacted the department inquiring about a possible breach.

In the Medical Center's case, hospital officials did not realize the files had been accessed until lawyers for actress Farrah Fawcett, who had been treated at the center, contacted hospital officials after an article appeared in The National Enquirer about the recurrence of Fawcett's cancer. After an investigation, the hospital found that 61 patient records -- about half celebrities and politicians -- had been opened by one unauthorized user.

Stories like this may explain why information technology managers have put identity management, the ability to control who accesses what data, at the top of their to-do lists, according to an annual information security survey conducted by CIO Magazine. The survey also notes that for the first time in its five year history, IT managers say that employees were more likely the source of a security incident than hackers. In fact, the switch was dramatic, from 51 percent of IT managers saying employees were the source of cyberattacks in 2006 (while 54 percent said attacks came from hackers) to 64 percent in 2007 (with 41 percent saying attacks came from hackers).

Government Executive recently published an article on the importance of ID management.