Linked – Failure to terminate access of departing employee leads to HIPAA penalty

This seems like such a silly mistake:

“A critical access hospital in Colorado will pay $114,000 in a settlement with the Office of Civil Rights (OCR) stemming from the failure to terminate a former employee’s access to a hospital database containing protected health information (PHI).”

But, of course, it’s not silly when you are being fined for it, or when a former employee causes a data breach. Still, of all the fires to be put out during a typical IT workday, turning off a departing employee’s access may not seem like the most important thing to do right away.

It is, though, and the proper notifications and processes need to be in place to make sure it happens. It’d be a shame to develop and purchase all these tools to secure our systems only to leave them vulnerable because no one is keeping track of when people leave and need to be cut off.

