BreachExchange mailing list archives

Majority of Calif. Health Data Breaches from Stolen Hardware


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 31 Oct 2014 13:39:59 -0600

http://healthitsecurity.com/2014/10/31/majority-calif-health-data-breaches-stolen-hardware/

Health data breaches in California last year were largely due to stolen or
lost hardware or digital media that contained unencrypted personal
information, according to California Attorney General Kamala Harris.

The attorney general released the state’s second annual data breach report
earlier this week, which overall did not have good news for the Golden
State. According to the data, 18.5 million Californians potentially had
their personal information put at risk from the 167 data breaches that hit
California.

“Data breaches pose a serious threat to the privacy, finances and personal
security of California consumers,” Attorney General Harris said in a
statement. “The fight against these kind of cybercrimes requires the use of
innovative strategies by government and the private sector to protect our
state’s consumers and businesses. I strongly encourage more use of
encryption to significantly reduce the risk of data breaches.”

For healthcare specifically, the numbers showed that 70 percent of the
health data breaches reported in the past two years were because of stolen
or lost hardware or digital media that held unencrypted personal
information.

The California healthcare industry should consistently use strong
encryption to protect medical information on laptops and on other portable
devices, according to the report. Moreover, those protections should be
considered for desktop computers.

While the retail industry accounted for the majority of data breaches,
security issues in healthcare still affected its fair share of patients.
Specifically, healthcare data breaches affected 1.1 million records.

The report also showed that physical theft or loss was the second most
common type of breach across the board. A total of 79 incidents occurred,
accounting for 27 percent of total breaches. The largest number of physical
breaches took place in the healthcare industry, where 31 incidents made up
39 percent of such breaches.

Over half of California’s healthcare breaches (55 percent) involved Social
Security numbers. However, the most common type of data attacked was health
information, which represented 75 percent of healthcare data breaches.

The majority of healthcare data breaches are preventable, according to the
report.
“An affordable solution is widely available – full disk strong encryption,
to the standard set by the National Institute of Standards and
Technology,” read the report. “This is a lesson that must be learned by
the health care industry and applied not only to laptops and portable media
as we recommended in last year’s report, but also to computers in offices.”

Moreover, desktop computers in offices can be encrypted when shut down at
night and decrypted in the morning, the report stated. That way if a
criminal breaks in after hours to steal the computer, the data would not be
accessible. This solution is possible regardless of a practice’s size, and
how many full-time information security and IT staff members are at a
facility.

“They owe it to their patients to do it now,” the report said.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
