Protecting Patient Data and Strengthening Security Processes

Risk Mitigation Support

Client Overview

This Michigan-based healthcare organization operates a network of inpatient and outpatient medical facilities, employing approximately 5,000 staff across clinical, administrative, and support roles. With a multi-site footprint and a blend of in-person, remote, and hybrid work environments, the organization requires careful coordination across departments. For this engagement, we partnered with key stakeholders including the HR Generalist, Director of Security, Department Supervisor, and Department Director to address a high-stakes incident involving data security and internal process gaps.

The Situation

A large healthcare provider discovered a serious data security issue after a staff member unknowingly purchased a hospital hard drive online. The drive, listed on a public classifieds site, contained confidential hospital and patient data—triggering immediate concern over data exposure and internal theft. The employee who purchased the drive quickly alerted their supervisor, prompting a full-scale internal investigation.

The Challenge

The organization needed to conduct a thorough, multi-departmental investigation to address:

  • Potential exposure of protected patient information (HIPAA breach)
  • Internal theft of computer equipment
  • Breakdown in hardware decommissioning and destruction procedures
  • Gaps in security oversight at loading docks

The complexity of the situation required close coordination between HR, IT, Security, Legal, and external partners.

Our Solution

Brought in as a third-party consultant, we partnered closely with internal HR leadership to help:

  • Organize evidence, witness accounts, and equipment records
  • Track chain-of-custody documentation for decommissioned hardware
  • Secure surveillance footage and identify suspicious behavior
  • Contact the public classifieds site to gather seller details and trace additional listings
  • Coordinate efforts with local police and the organization’s legal team
  • Conduct confidential interviews while safeguarding sensitive information

This collaborative approach allowed internal HR leaders to remain focused on their core responsibilities while the investigation progressed efficiently and thoroughly.

The Results

  • The individual responsible was quickly identified, cooperated fully, and returned all missing equipment; they had taken it believing it had been discarded.
  • No patient data was publicly released; the only exposed drive was returned immediately by the employee who purchased it.
  • Legal protocols were followed, the breach was documented, and while no charges were filed, the individual was terminated.

Most importantly, the incident prompted a much-needed policy review:

  • Physical security at loading docks was increased
  • New signage and restricted access procedures were implemented
  • Processes were revised to ensure complete data wiping before equipment disposal
  • HR policies related to workplace theft were clarified and reinforced through employee education

Why It Matters

This case highlights how even well-intentioned assumptions can lead to significant risks—especially in environments where data security is critical. Strong internal processes are essential, but so is the capacity to respond quickly and effectively when those systems break down.

Every situation like this offers a moment for reflection and improvement. Our role was not only to support the investigation but to strengthen the organization’s preparedness for future incidents.

A Stronger HR Partner for High-Stakes Situations

Whether you're navigating complex investigations or reviewing your risk mitigation procedures, having a trusted partner can make all the difference.
Let’s talk about how we can support your HR and security when it matters most. Contact us at workspring.org/hr-solutions/contact-us/.
