Roundup: data breaches ’round the world

October 22, 2014 | by

Following on our review of recent articles on why medical identity theft is so attractive, here’s our review of data breaches in the news, including a new (to this Editor) report from Europe.

  • It’s not Europe, blame the UK! That is one of the surprising findings of a meta-review of all types of data breaches released earlier this month by the Central European University’s Center for Media, Data and Society (CMDS). While not specific to healthcare, it is the first study this Editor has seen on EU data breaches and is useful for general trends. 229 verified incidents were analyzed by the CMDS across  28 EU member countries plus Switzerland and Norway, 2005-3rd Quarter 2014, and includes unusual healthcare breaches such as Danish HIV patients’ personal information included in a PowerPoint presentation later published online. Key findings:
    1. 57 percent of breaches were due to insider theft, mismanagement or error; 41 percent were hacker-instigated
    2. It’s common: “for every 100 people in the study countries, 43 personal records have been compromised”
    3. In terms of impact, the UK by far, then Greece, Norway, Germany and Netherlands were the top five countries for incidents and numbers of records breached (report page 9) (more…)

CHS data breach estimated price tag: $150 million

August 26, 2014 | by

Huge price tag, is the solution more ‘white hat hacker/crackers’, get a clue, C-Suite and why China leads in hacking (important updates!)

Dan Munro in Forbes got out his calculator and estimated that the cost to Community Health Services, based on prior incidents, may be as high as $150 million. He bases it on recent poster children Columbia-NY Presbyterian and BlueCross BlueShield of Tennessee. The message to healthcare business executives: pay now–by beefing up HIT and data security–or pay later in rush remediation of data breaches like identity theft protection, Office of Civil Rights-HHS fines, potential insurance fraud,  legal charges and damages awarded. On the latter, it took only hours after the announcement for the first class action to be filed in Alabama.

Of course cybersecurity experts, particularly the ‘white hat’ or ‘cracker’ variety, are in increasingly high demand across all business areas and internationally–and there aren’t many at that exalted level or even a rung or two below. Their commensurate compensation is one factor, but calls to hire less expensively overseas as explored in this article are, in this Editor’s estimation, a two-edged sword: much hacking, many sleeper bugs and ‘backdooring’ are engineered overseas (China, Russia, the Balkans, India); what is to say that these ‘former hackers’ aren’t playing both games? Cybersecurity’s hiring crisis: A troubling trajectory (ZDNet)

The C-Suite Must Care…The Workforce Must Be Aware

Since data security and data breaches threaten to swamp many sectors (universities and colleges, even more than healthcare, rank as the most vulnerable), the solution may not be wholly in the code. (more…)