Pharmaceutical manufacturer Mylan has recently sued the Pittsburgh Post-Gazette over a series of stories describing safety issues in the Morgantown, Va., plant.  The basis for the stories were documents leaked by workers in the plant – and although the information on the background to the leak is sparse – an FDA inspection has confirmed that the plant complies with FDA quality and rebulatory requirements.   The interesting aspect of this case is that Mylan has not succeeded in discovering the leakers of the documents.
It sounds like an internal vendetta which has spilled over into the media since Mylan CEO Robert Coury has personal money at stake – about 40% of his total compensation package is in Mylan stock – which in itself is a good thing as it provides a significant performance incentive.
Data leakage of safety and compliance related documents is a commonly overlooked use case in the enterprise information protection space – as Mylan security staff are discovering – it is next to impossible to detect data leakage after the fact – unless you are using a network DLP system like Fidelis XPS or an agent DLP system like Verdasys Digital Guardian or Mcafee Agent DLP.
My guess is that the Mylan CIO is getting a lot of sales calls from DLP vendors this week – offering to help them monitor unauthorized network transfer of internal, confidential documents.
Having said that – there is no indication that the documents were not simply printed and handed to the reporters.  In that case – the only data loss prevention solution that is applicable is agent DLP like Verdasys or Mcafee agent DLP.
Then again – sometimes the best and cheapest data security countermeasures are low-tech – checking bags of employees leaving the plant..