BreachExchange mailing list archives
Report details health care reform theft
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Thu, 24 Feb 2011 01:47:00 -0500
http://www.bizjournals.com/southflorida/news/2011/02/23/report-details-health-care-reform-theft.html

As the nation moves toward growing use of electronic medical records, data vulnerability becomes increasingly evident.

A new report released on Wednesday by Kaufman, Rossin & Co. showed 4.9 million patients had their personal health information compromised as a result of 166 data breaches that occurred during the first year of the Health Information Technology for Economic and Clinical Health (HITECH) Act.

The act was signed into law in February 2009 to promote the adoption and meaningful use of health information technology. It also provides for more stringent fines for privacy breaches.

Of the breaches in the study, laptops were the greatest source, being involved in 43 cases and affecting more than 1.5 million individuals.

All of the breaches occurred between Sept. 21, 2009 and Sept. 21, 2010, the first year when breach incidents were publicly reported to the Secretary of the Department of Health and Human Services.

“There are so many various ways for data to be breached in this day and age and many businesses are not properly prepared or are completely unaware of just how vulnerable this information is,” said Jorge Rey, the study’s co-author and director of information security and compliance with Kaufman, Rossin. “The HITECH Act is changing the way PHI must be protected and those companies that are not serious about protecting their patients’ information find themselves facing serious reputation, legal and financial repercussions.”

Among other findings:

- Theft was the primary cause of a data breach, occurring 58 percent of the time; loss and other were tied in second at 14 percent.
- 20 percent of the breaches occurred at a business associate.
- Theft affected the highest number of individuals: 3.12 million.
- 32 percent of breaches were reported within the first three months.

The report notes that data breaches come in various forms, from hacking to medical information that is mailed to the wrong address, though the latter is responsible for a very small amount of the breaches.

The report cites some examples of theft, such as:

- An impostor posing as a representative of a legitimate vendor stole several barrels of purged x-ray films, which contained the health care information of approximately 1,300 patients.
- A laptop computer was stolen from a hospital employee’s vehicle that contained the health care information of 943 patients.
- A binder with printed protected health information was stolen from an employee’s vehicle and contained the information of up to 1,272 patients.

The report goes on to recommend that health care organizations review their security policies, encrypt new and existing laptops and perform detailed annual risk assessments, among other things.