Medical records are some of the most valuable assets for criminals, which is why we have seen some of the worst medical data breaches in the past. The theft of electronic medical records is the most convenient way for criminals to get all the data they need for later scams.
The Privacy Rights Clearinghouse (PRC), in its latest publication, lists six of the worst data breaches of 2011. Notably, three of the six involved the theft of medical information.
According to the PRC, patients' medical records are a precious target for cybercriminals.
What made them so valuable?
The amount of sensitive information in medical records is what makes them valuable. They contain sensitive details about the patient, including date of birth and Social Security number.
Not only do these records offer valuable information that can be used in any financial theft or fraud, but they can also be used to purchase prescription drugs or commit insurance fraud.
Mentioned below are the worst breaches of health data in the year 2011.
Sutter Physicians Services and Sutter Medical Foundation
Hackers stole a desktop computer from the administrative office of Sutter Physicians Services and Sutter Medical Foundation, and the data of approximately 3.3 million people was compromised. Although the computer was password-protected, the data was not encrypted.
Since the case came to light, Sutter has been facing lawsuits for not taking sufficient measures to protect its clients' information. Affected people were also angered by the company's negligence in failing to inform them in a timely manner.
The second most horrifying data breach of 2011 was the theft of nine Health Net data servers from its data center in Rancho Cordova, CA. The servers contained sensitive information about policyholders, including their names, Social Security numbers, addresses, and other valuable financial and medical information. The total number of people affected by this theft was 1.9 million. The theft happened in January, but the affected people remained uninformed for the subsequent three months.
Scammers stole backup data tapes from an employee of Tricare and SAIC. The tapes contained information about patients from military clinics and hospitals. The data was unencrypted and covered the years 1992 to 2011. This scam affected almost 501 million patients. The company faces lawsuits of nearly $4.9 billion.
All the data breaches we have seen in history have two things in common: every one involved the theft of physical equipment, and the data on the devices was unencrypted. Moreover, in the cases mentioned above, the companies failed to inform the affected people about the data breach.
Lessons For The IT Professional Working In The Medical Field
Here are some ideas for the IT professional associated with the medical field.
- Always ensure the secure encryption of your sensitive data.
- Along with ensuring information security, take care of the physical safety of devices as well (USB sticks going missing, etc.).
- Provide proper training and development sessions so that your employees can transfer sensitive information effectively.
- In case of any data breach, it is the organization's responsibility to inform law enforcement agencies and the affected people immediately.