Unintended Data Disclosure

Unintended data disclosure is usually caused by human error, and it is a persistent risk that can be managed through good data governance and regular employee training.

How we help

Unintended data disclosures can occur in every type of work environment. Legal requirements to keep patient information confidential make it particularly challenging in healthcare. Organisations in many industries increasingly use third-party service providers, and that can lead to documents containing significant amounts of sensitive data needing to be secured appropriately. We provide clients with training and the technology resources required to reduce their risks of unintended or unintended disclosure.

The most common forms of unintended data disclosure

Not all data losses result from a cyber attack. Emails, faxes, or mailings can be inadvertently sent to the wrong recipient, particularly when employees are busy.

For example, medical information such as patient discharge instructions or prescription information can be sent to the wrong patient or another individual.
Using third-party service providers for administrative purposes can result in files containing a collection of sensitive data, such as employee payroll or tax documents, exported from the provider. An employee may accidentally share the file with the wrong recipient.
When access is not properly restricted, sensitive data on network file shares or stored in the cloud can be left accessible to unauthorised users.

This a particular risk when a server is updated for maintenance and forgotten temporary changes in configuration can leave the server exposed to unauthorised access.

How to protect against unintended data disclosure

Assess and classify your data based on the level of its sensitivity. Establish procedures that protect and secure the handling of your sensitive data, including assigning permissions based on the principle of least privilege (especially with roles giving access to all data, or for roles allowing bulk downloads of data).
Establish a social media policy. Train your employees on risks related social media posts that might reveal sensitive information, particularly employees in healthcare. As AI becomes more popular, establish rules to restrict what can be shared via tools like ChatGPT.
Employees should be trained on how to ensure that any sensitive data, including paper records, is stored securely when they finish work the day. Workstations should be locked when the employee steps away, to prevent anyone nearby from unauthorised access.
Time-stretched employees are the most likely to make mistakes, for instance picking up several sheets of paper instead of one, sending an email to the wrong recipient, or failing to verify a patient’s information.
Use role-based access controls to manage access to your network file shares. Use group policies to manage the sharing of documents externally. Block access to unauthorised cloud storage platforms. Regularly audit configuration settings on your organisation’s cloud-based resources.

Learn more about cloud compromises

Preventive services

See all services

Product

Bullwall Ransomware Encryption, Detection & Response

If you do get a ransomware infection - Bullwall detects encryption of files and triggers an automatic response, minimizing damage. Receive 50% off on installation cost, and up to 25% on licences.

Provided by: BullWall

Product

KnowBe4 Anti-Phishing Training

Up to 25% off on KnowBe4’s anti-phishing tools, including simulated phishing campaigns and interactive awareness training.

Provided by: KnowBe4

Product

Trellix Email Protection

Up to 60% off on Trellix’s Email Threat Prevention - prevent email threats and address business email compromise risks.

Provided by: Trellix

Discover our risk management offerings

We offer our cyber policyholders a range of risk management offerings designed to improve your cyber resilience, reduce human error, and manage digital risk.

Find out more