BreachExchange mailing list archives
Hospitals seeing more patient data breaches
From: blitz <blitz () ken-ton net>
Date: Mon, 23 Apr 2012 16:51:08 -0400
Yeah, put that sensitive data in one of the Mickey-Mouse clouds.... It's always been about making that very data easy to steal, part of the police-state spying. When my doctor wrote down information on a piece of paper in my file, it got locked up at night. NO such assurances are there today. You buy HIPAA compliant software, and some nurse-aid who doesn't know anything about computers and has a password of "nurse" is supposed to protect it. Right. Expect this trend to mushroom.

http://www.networkworld.com/news/2012/041312-hospital-data-breaches-258270.html

Hospitals seeing more patient data breaches

Survey says breach problems originate from mobile devices more often

By Ellen Messmer <http://www.networkworld.com/Home/emessmer.html>, Network World
April 13, 2012 02:17 PM ET

A bi-annual survey of 250 healthcare organizations shows that the percentage experiencing a patient data breach is up. And with the growth in electronic records-keeping, more of those problems are originating from laptops and mobile devices rather than a human slip-up in handling paper documents.

"Use of new technologies, in particular mobile devices in the workplace, have skyrocketed, creating new operational efficiencies and security vulnerabilities," noted the survey report, entitled the "2012 HIMSS Analytics Report: Security of Patient Data."
The organization Healthcare Information and Management Systems Society <http://www.himssanalytics.org/home/index.aspx> also pointed out, "As mobile devices proliferate in exam rooms and administrative areas, so do the associated vectors of potential attack. Adding to this are the risks from employee negligence and organizational policies that have not kept pace with ever-changing technology."

The survey, commissioned by Kroll Advisory Solutions, asked chief information officers, health information managers, chief privacy officers and chief security officers working at 250 hospitals and medical centers about the number of data breaches <http://www.networkworld.com/slideshows/2011/062211-data-breach.html> they knew about over the past 12 months.

The survey found 27% of the respondents had at least one security breach over the past year, up from 19% in 2010 and 13% in 2008. The survey found 79% were attributed to employees, while most others were chalked up to actions from outsourced or contract employees. Over half of the problems were identified as "unauthorized access to information," typically the patient's name and birth date, by an individual.

While misuse of paper records, including their "improper destruction," was blamed over 40% of the time, the survey did show that computer-based security issues are multiplying fast, with the source of data attributed to actions or loss related to a laptop or handheld device about 22% of the time, up from 11% in 2010. Problems with data breaches related to third-party vendors storing healthcare data are also growing, reported this year at 10%, up from 6% in 2010. In contrast, network breaches attributed to outside attacks were about 3%.

The report says 31% of respondents indicated that information available on a portable device was among the factors most likely to contribute to the risk of a breach, up from 20% that said that in 2010 and 4% in 2008.
Twenty-two percent of the respondents reporting a breach said the data was compromised when a laptop, handheld device or computer hard drive was lost or stolen, which is double the number who said this in 2010.

The report says the vast majority of healthcare institutions conduct formal risk analysis, relying mainly on federal guidelines such as CMS Meaningful Use requirements <http://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/index.html?redirect=/ehrincentiveprograms> and the National Institute of Standards and Technology. The goal is to comply with the mandates of the American Recovery and Reinvestment Act of 2009 <http://www.recovery.gov/Pages/default.aspx>, which includes funding for healthcare records, and the HITECH Act, which contains penalties for security lapses related to misuse of patient healthcare information <http://www.networkworld.com/news/2009/102909-hitech-act.html>.

The report says almost all the survey's respondents had taken steps to prepare their hospitals and medical centers for a possible federally-run Office of Civil Rights HIPAA audit. <http://www.hhs.gov/ocr/privacy/> Four percent had been audited and 90% in this case indicated they'd try to prepare better in the future. Two percent of all respondents said their organization had been fined as a result of a HIPAA violation.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list