Former employee visits cloud and steals company data

Employees aren’t always going to be employees, so you must have a mechanism in place to address what happens when someone is no longer a member of the company team. The circumstances of a person’s departure may affect how you act, but the result needs to be the same: full and complete termination of access to company information. Any employee who departs is no longer a trusted insider.

This is called off-boarding, and without a comprehensive off-boarding process, you risk being exploited by a malevolent former employee. Former employees whose access is not terminated can attempt to access data from which they should now be excluded.

This is precisely what happened to the Transformations Autism Treatment Center (TACT), in Bartlett, Tenn. One of its employees, a behavioral analyst, Jeffrey Luke, was terminated. TACT did what many companies do: It terminated his access to sensitive data and changed the email address authorized to access its data. In this case, TACT kept its patient records in the cloud, specifically in Google Drive. The steps it took were consistent with what one would expect from an entity that falls under the Health Insurance Portability and Accountability Act (HIPAA).

All looked good until the following month, when TACT noticed that information on 300 current and past clients of TACT had been accessed. The executive director of TACT, speaking to the Commercial Appeal, explained how TACT noticed files had been moved, and immediately called the police, who brought in the FBI.