. 2008 May;98(5):793–801. doi: 10.2105/AJPH.2006.107706

TABLE 3—Risks to Public Health Departments, by Type of Intruders and Security Threats Posed

| Risk | Risk Description | Prevention |
|---|---|---|
| **External intruders** | | |
| Physical intruders (i.e., burglars) | Physical theft of health department property such as files and computers. | Lock buildings. Employ security guards and require identification for access. Centralize and enforce access management. Encrypt sensitive computers so that data are unavailable if computers are stolen or otherwise accessed. |
| Electronic intruders (e.g., hackers) | Unlawful access to equipment (desktop or laptop computers) or network (intra- and internet). May create hole for subsequent hacking (e.g., by sending viruses to Web-based e-mail). | Enhance both intrusion detection and intrusion protection systems. Contract with “ethical hacking” firms to identify and fix vulnerabilities. |
| **Internal intruders** | | |
| Current employees | Internal access with malicious intent. | Background checks of all personnel handling sensitive data. Video surveillance of areas where highly sensitive data are stored. Monitor Web-browsing activity of personnel. |
| Former employees | Continued physical and electronic access despite termination of employment with the agency. | Immediately and automatically revoke access, both physical (i.e., keys, identification card) and electronic (i.e., network access, remote access token), upon termination. |