Patient health information is among the most sensitive data in healthcare, and it demands privacy and confidentiality. Recently, five hospitals fell short in their information security, so it is worth knowing how to prevent the same from happening to you.
Judging from recent events, perhaps the most challenging security problem in healthcare systems is theft. The theft of laptops, storage devices such as USB drives, and other equipment that holds patient information is a source of concern.
In recent weeks, five healthcare institutions have reported data breaches resulting from the theft of a laptop or other device from an employee's or the facility's possession. These security failures might have affected over 26,000 patients, as seen in the cases below:
Stanford: In the latest event, Stanford Hospital officials reported that a computer was stolen from a physician's office around mid-July. The laptop contained personal information from about 2,500 patients. Names, work addresses, medical record details, histories, dates of birth, and even Social Security numbers were all compromised. According to University officials, the computer had a password and tracking software installed so that it could be located. However, the device has not been found, and patients have had to be notified of the incident.
Oregon: In an earlier incident in July, the information of 14,000 people at Oregon Health & Science University Hospital was put at risk after someone stole a USB drive from an employee's home. The employee had inadvertently put the USB drive in a briefcase at the end of that workday. However, hospital officials say that the storage device was encoded, meaning that information that could lead to identity theft could not be obtained from it. Nevertheless, 700 patients are already aware of the situation because they had the most sensitive information.
The cases above seem more forgiving because the data was encrypted, but that is not so in the examples below:
Boston: Beth Israel Deaconess Medical Center in Boston recently suffered an IT security breach when a physician's personal laptop was stolen. Unlike the hospital's laptops, which carry several forms of encryption, his PC had no password protection, and information involving 3,900 patients was compromised.
Connecticut: Not long after the above incident was reported, Hartford Hospital in Connecticut reported a similar case. A data analyst working for the hospital had his laptop stolen. The data was not protected, and the laptop contained information about close to 10,000 patients.
Chicago: Northwestern Memorial Hospital in Chicago also documented a case of six stolen laptops and tablets. These devices were taken from main offices in the facility, and they contained data from an undisclosed number of patients. Normally, the information would have been encrypted, but hospital staff claimed that those security protocols were suspended at the time because of system upgrades to the software.
5 Ways to Minimise the Risks of Data Breaches with Computer Devices
Physicians and other healthcare workers use computers for most of their documentation and work. Therefore, they should be aware that these laptops, tablets, and smartphones come with increased IT security risks if stolen. To prevent any of the scenarios above from playing out, here are five lessons to learn concerning data breaches:
- Implement policies regarding the use of information at home: Since devices are now portable, it is easy for unsuspecting healthcare professionals to carry sensitive data around. Many of the cases reported saw the devices stolen from apartments, cars, and other personal places. It would be best if such information did not leave the organisation’s premises in the first place.
Medical records are some of the most valuable assets for criminals, and this is why we have seen some of the worst medical data breaches in the past. The theft of electronic medical records is the most convenient way for criminals to get all the required data for later scams.
Privacy Rights Clearinghouse (PRC), in its latest publication, lists six of the worst data breaches of 2011. Interestingly, three of the six involved the theft of medical information.
According to PRC, patients' medical records are a precious target for cybercriminals.
What makes them so valuable?
The amount of sensitive information in medical records is what makes them valuable. They contain sensitive information about the patient, including date of birth and Social Security number.
Not only do these records offer valuable information that can be used in any financial theft or fraud, but they can also be used to purchase prescription drugs or commit insurance fraud.
Below are the worst breaches of health data in 2011.
Sutter Physicians Services and Sutter Medical Foundation
Hackers stole a desktop computer from the administrative office of Sutter Physicians Services and Sutter Medical Foundation, and the data of approximately 3.3 million people was compromised. Although the laptop was password-protected, the data was not encrypted.
Once the case became public, Sutter faced lawsuits for not taking sufficient measures to protect its clients' information. Affected people were also angered by the company's negligence in failing to inform them in a timely manner.
The second most horrifying data breach of 2011 was the theft of nine Health Net data servers from its data center in Rancho Cordova, CA. The servers contained sensitive information about policyholders, including their names, Social Security numbers, addresses, and other valuable financial and medical information. The total number of people affected was 1.9 million. The theft happened in January, but the affected people remained uninformed for the subsequent three months.
Scammers stole backup data tapes from an employee of Tricare and SAIC. The tapes contained information about patients from military clinics and hospitals. The data was unencrypted and covered the years 1992 to 2011. This scam affected almost 501 million patients. The company faces lawsuits of nearly $4.9 billion.
All the data breaches we have seen have two things in common: every one involved the theft of physical equipment, and the data on the devices was unencrypted. Moreover, in the cases mentioned above, companies failed to inform the affected people about the data breach.
Lessons for the IT Professional Working in the Medical Field
Here are some ideas for the IT professional associated with the medical field.
- Always ensure the secure encryption of your sensitive data.
- Along with ensuring information security, take care of the physical safety of devices as well (USB sticks going missing, etc.).
- Run proper training and development sessions that teach your employees how to transfer sensitive information effectively.
- In case of any data breach, it is the organization's responsibility to inform law enforcement agencies and the affected people immediately.