Search Results for breaches

Politico: massive hacking of health records imminent

...the other Grizzled Pioneers. We’ve only been whinging on about data breaches and security since 2010 and their researchers could benefit from our back file. And speaking of 2010, the Department of Health & Human Services (HHS) is doing its part to close the budget deficit by collecting data breach fines–$10 million in the past year. A goodly chunk will be coming from New York-Presbyterian Hospital/Columbia University Medical Center: $4.8 million for a 6,800 person breach (iHealthBeat) where sensitive records showed up online, readily available to search engines. And yes, we covered this back on 29 Sept 2010 when breaches...

Risky hospital business: happy device hacking, insider data breaches

...medical centers have with detecting data security breaches, particularly when they are small, sneaky, over time and by an insider. UMass uncovered a series of low-profile breaches by a former employee who helped himself to patient information such as name, address, date of birth and Social Security number–and may have used it to open up credit card and mobile phone accounts. Only four records appear to have been misused in this way, but at least 2,400 records were estimated to be improperly accessed–over 12 years, which made it even more difficult to find. Perhaps the employee was funding retirement? HealthcareInfoSecurity...

Data breaches may cost healthcare organizations $5.6 bn annually: Ponemon (US)

...the annual cost is $5.6 billion, down from $7 billion in 2012. The number of data breaches decreased slightly. 38 percent report more than five in the 2013 report compared to 45 percent in 2012. The number of organizations reporting at least one data breach in the past two years was 90 percent versus 94 percent in 2012. Healthcare organizations improve ability to control data breach costs. The economic impact of data breaches for the healthcare organizations represented in this study over the past two years is $2.0 million–but it is 17 percent (nearly $400,000) less than 2012. ACA increases...

PHI data: 361,000 examples that it’s more insecure than ever

We’ve been fairly consistent in our coverage of data breaches, including the regrettable fact that more digital data stored out there on EHRs and devices with low security means Happy Hacking (or Stealing) for Fun and Profit. [TTA 2 Apr] Here’s additional proof, including the first incident this Editor has seen of email phishing: California, there they go: A theft of eight computers from Sutherland Healthcare Solutions’ medical billing and collections office compromised 338,700 patients’ personal health information (PHI), including SSIs. Sutherland provides services to the Los Angeles County Department of Health Services and Department of Public Health. Being California,...

How insecure can health data get? Very.

Gigaom is one of our go-to sites for enthusiastic whiz-bang health gadget coverage (and more), but here’s the downside of all those devices: all that data. And it’s not only not secure, but also getting more insecure. Grégoire Ribordy of Swiss encryption company ID Quantique makes some key (and scary) points on the data breaches looming–and he doesn’t mention that block of Swiss cheese Healthcare.gov once: One-stop storage for your total health records and data, an idée fixe among government and single-payer theoreticians, just makes it one-stop-shopping for hackers. Richer health data means more to steal and exploit. There’s also...

Now three medical device maker networks hacked

...companies had data intrusions that lasted for several months during 2013, and were not aware of them until alerted by Federal authorities. None of the companies, nor the FBI, confirmed or commented on this for the Chronicle. The attacks were “very thorough” and the source stated that they showed signs of being committed by hackers in China. The attraction of all three companies–Medtronic being the world’s largest– is their intellectual property and of course patient data, with the article mentioning confidential patient data collection from clinical trials. Also iHealthBeat. Previously in TTA: US health data breaches hit record; Healthcare.gov backdoored?...

US health data breaches hit record; Healthcare.gov backdoored?

...included in the Redspin report (free download here) was a mid-December breach of 405,000 records at Bryan, Texas-based St. Joseph Health System which would have put it fourth on the list. This took place in a two-day data security attack on their servers traced to China and reported to the FBI. While Redspin attributes only six percent of breaches to hacking, this is an amount sure to increase as more information is digitized. Health Data Management, iHealthBeat, FierceHealthIT Security breaches, natural disasters and outages are events that cost US hospitals over $1.6 billion annually, and 82 percent of health IT...

VA Department data breaches soar (US)

If after the Healthcare.gov debacle, there’s still any confidence that centralized Federal systems are secure and trustworthy, please read this HealthcareITNews tally of the multiple data breaches and HIPAA violations taking place at the US Department of Veterans Affairs (VA). From 2010 through May 2013, VA department employees or contractors were responsible for 14,215 privacy breaches affecting more than 101,000 veterans across 167 VA facilities, including incidences of identity theft, stealing veteran prescriptions, Facebook posts concerning veterans’ body parts, and failing to encrypt data, a Pittsburgh Tribune-Review investigation revealed. The two-month investigation by the Pittsburgh Tribune-Review published this weekend found...

Health IT security gets a boost in Texas

...providers within the state. The Texas Health Services Authority and the Health Information Trust Alliance (HITRUST) are developing and managing the Texas Covered Entity Privacy and Security Certification Program. Organizations must assess their compliance with privacy and security regulations, and if they do will receive a certification recommendation from HITRUST. According to iHealthBeat quoting a VP there, how this is implemented will have repercussions far beyond the state. A major goal, according to Health Data Management, is to reduce data breaches which are levied in Texas alone between $5,000 and $1.5 million–not including HHS. Also Modern Healthcare, HITRUST process page....

Data insecurity in Obamacare insurance exchanges (US)

...coverage and a survey speak for themselves on the possibility of the insurance exchanges opening a new wave of breaches; our readers–particularly those in the US–can decide if she is Cassandra or Chicken Little: “Minnesota insurance broker Jim Koester was looking for information about assisting with Obamacare implementation; instead, what landed in his inbox last month was a document filled with the names, Social Security numbers and other pieces of personal information belonging to his fellow Minnesotans. In one of the first breaches of the new Obamacare online marketplaces, an employee of the Minnesota marketplace, called MNsure, accidentally emailed Koester...