For healthcare institutions, that data breach can really cost. Javelin Strategy & Research has been tracking the cost of data breaches, including healthcare, for the past ten years. Using its data across all their industries tracked (data here), the threat of identity fraud as of 2012 is up to 1 in 4, from 1 in 9 in 2010. In commenting on the big breach last year at the Utah Department of Health (780,000 records, TTA 22 Dec), a Javelin spokesperson has made some news by estimating the additional fraud cost at $406 million–and that is in addition to the estimated $9 million that the state has spent on security audits, upgrades and credit monitoring for victims. Hackers seem to be more targeted than ever, but often even simple precautions are not taken–in Utah, the factory password to the server was never changed. A cautionary note–no, symphony–to developers and to HIT departments. Healthcare IT News, Salt Lake Tribune, Javelin release
Could iris scans be a solution? Biometrics makers, such as Safran, Fujitsu, AOptix Technologies and M2Sys Technology, are finding new customers in hospitals and large providers. HCA Holdings, the largest US for-profit hospital chain, is testing Eye Controls’ system at their private clinics in London. Medical ID theft is also a problem in the UK, with ‘shame-based theft’ (to conceal an illness) and private billing the given reasons. Iris scanning units cost about $200-300–a moderate cost. According to the World Privacy Forum, iris scanning will rule out hacking, but not ‘inside jobs’–progress of a sort. But an open question is how this integrates into current EHRs. Iris Scans Seen Shrinking $7 Billion Medical Data Breach (Bloomberg) Editor’s note: The Gimlet Eye is…envious.