Search Results for breaches

Australian military health data went straight to China: report

The Australian Defence Department confirmed to the Sydney Morning Herald that protected health data of hundreds of Defence Forces personnel went to (guess where!) China. However, as breaches go, this was an easy hack–it was sent by a health contractor, Luxottica Retail Australia, which contracts with manufacturer Tristar Optical in Dongguan, Guangdong province. Those affected included soldiers posted overseas to Afghanistan and special forces commandos who went on to be deployed to Iraq. Luxottica has since lost its contract with principal contractor Medibank Health Solutions. Both Medibank and Defence have had a lot of ‘splainin’ to do... Continue Reading

Weekend Must Read: WSJ’s experts sketch out future healthcare

Fortunately not paywalled on the Wall Street Journal’s site is The Future of Health Care: Hacking, Hospitals, Technology and More, a view of Healthcare and Us out to about 2030. Most of these ten short essays give cause for optimism, except for that first one–hacking. If you thought PHI breaches were bad, DNA hacking will make that look benign. ‘The Experts’ include Robert Wachter, MD [TTA 16 April, author of ‘The Overdose’], Dr John Sotos who was medical adviser on ‘House’, David Blumenthal of the Commonwealth Fund, Marc Agronin of Miami Jewish Health System and Dr Drew Harris of Thomas... Continue Reading

UCLA Health data breach may affect 4.5 million patients

...could have started as early as September 2014. Yet the UCLA Health statement equivocates: “At this time, there is no evidence that the attacker actually accessed or acquired individuals’ personal or medical information. Because UCLA Health cannot conclusively rule out the possibility that the attackers may have accessed this information, however, individuals whose information was stored on the affected parts of the network are in the process of being notified.” The usual remedy of a year of identity theft services is on offer, which seems to be the requisite Bandage for Breaches. Where is that ounce of prevention? Also FierceHealthIT.... Continue Reading

“The data security fault, dear Brutus, is not China, but in the company org chart”

...HIT and cybersecurity heads report to the chief financial officer (CFO) or some other executive like a CAO (administrative). His withering take on most CEOs is that they are more concerned with stock price and covering breach losses via insurance rather than preventing cybersecurity failure and harm to customers. In his analysis of data breaches, he also observes organizational and governance breakdowns plus an inability to follow legal requirements. Anthem, late of an 80 million patient breach, he offers as a perfect example–well-designed phishing abetted by lax access controls=Happy Hacker Hunting. And if you include the CEO of the USA... Continue Reading

The pileup of Federal ‘titanic serial IT disasters’ (US)

Don’t feel bad, HIT execs–the Feds are even worse. Complementary to our coverage of the increased danger of hacked health IT systems and data breaches (the trail of tears is here and here) is the oddly muted press clamor around the 4 June hacking report of the Federal Office of Personnel Management (OPM). Chinese hackers roamed around two OPM databases–personnel and security clearances–for nearly a year, according to CNN’s Senate briefing coverage. The breach likely exceeded 18 million records, though the real number may never be known. Privacy Rights Clearinghouse summarizes it and provides an interesting link... Continue Reading

Healthcare vulnerability in a concatenation of data breaches

Concatenation is one of those lovely English words that express far more than their simpler synonyms: sequence, series or chain of events. Perhaps we have experienced that concatenation of data breaches which connect and demonstrate a critical mass that motivates healthcare organizations, including insurers, to ensure that data security and privacy get primacy in HIT. Our Readers know we’ve been on the case since 2010; we’ve been noting Ponemon Institute and ID Experts studies since then. While simple, straightforward theft can be the cause of smaller breaches and not part of a Big Hack, it’s not as Three Stooges or... Continue Reading

Telehealth reimbursement makes legislative progress in Texas, US House

...and cost effective’–it is designed to be expenditure neutral. The bill also includes extensive stipulations on health information exchanges based on national standards (ANSI) as well as amending the health and safety code for immunizations and other health conditions. The ‘criminal offense’ pertains to protected health information breaches as a misdemeanor. Telehealth inclusion in Medicaid is positive as this state insurance plan serves the poorest and often sickest, as well as many federal Medicare ‘dual eligibles’. Texas, being a large state, also sets trends (including the most reluctant to adopt cross-state telemedicine licensure.) Text of HB2641 Would that telehealth reimbursement... Continue Reading

58 percent of health data breaches due to simple theft, not hacking: JAMA

Criminal activity is the cause of nearly 6 out of 10 data breaches, according to a study published in JAMA last week (subscription required). Cyberbreaches–the infamous hacking attacks–produce breaches in the millions, but the far more typical and frequent breach, if smaller, is caused by simple theft of records–electronic and paper. HealthLeaders We’ve reported previously that stolen records (over 500) have ranged from laptops to paper records as landfill and even old-style X-rays in dead storage sought after for mercury content. So if Hackermania is not always running wild, except when it is, how to keep... Continue Reading

Data breaches top 120 million since 2009 (US)

...EMRs to speak with EHRs, Meaningful Use, new care and payment models, 30-day readmissions and ‘oh, by the way, how will we get paid?’ The Premera Blue Cross (Washington state) breach of 11 million records was the second largest in healthcare history (after Anthem Health’s February bunker buster of a breach). Most breaches are from stolen laptops or shared/easy to guess passwords (or none at all)–but these have not been in the millions. Premera’s theft took place on 5 May 2014 and was only discovered in January; it included SSIs, bank information, claims data, patient name/address and date of birth.... Continue Reading

23andMe’s FDA coup hazardous to personal DNA data security?

...than the details of our life circumstances”. Hackermania’s Running Wild with AnthemHealth-sized data breaches [TTA 11 Feb], and unlike credit cards and SSIs, your DNA doesn’t change–once it is public, it’s never private again. Vivek Wadhwa of the Rock Center for Corporate Governance at Stanford University and director of research at Center for Entrepreneurship and Research Commercialization at Duke University argues the case in VentureBeat. Also FierceHealthIT. Gizmodo in ‘How Private Is Your DNA’ nearly three years ago exposed the awful truth–that states have no laws in place, and that while DNA gathered for research is largely anonymized, what can... Continue Reading