...warning that they are being targeted by “…malicious actors targeting healthcare related systems, perhaps for the purpose of obtaining Protected Healthcare Information (PHI) and/or Personally Identifiable Information (PII),” and that “These actors have also been seen targeting multiple companies in the healthcare and medical device industry typically targeting valuable intellectual property, such as medical device and equipment development data.”[TTA 22 Aug 14] (We wonder if the FBI is investigating the sundry breaches and backdoors of Healthcare.gov, embarrassingly closer to home.) And in October, we reviewed ‘the sheer screaming attractiveness of medical ID theft’ likening it to the 1949 Vienna of... Continue Reading
Search Results for breaches
Friday’s Alert: Telehealth and Telecare Aware Updated
...at the worldwide black market in medical ID theft TSA chair selection critiqued (Paul Harper’s article in Roy Lilley’s newsletter reviewed) Health apps presently of little use, says Australian telehealth expert (CE Dr George Margelis debunks current state of the art) Panasonic enters telehealth, debuts On4Today (USA unit goes social, plus pilots a TV telehealth interface) The sheer screaming attractiveness of medical ID theft (Harry Lime would find this new black market more lucrative than stealing off Army trucks) Roundup: data breaches ’round the world (Hungary’s CEU takes a long hard look at it, and even FDA is vulnerable) Earlier... Continue Reading
The sheer screaming attractiveness of medical ID theft
...to a non-insured friend. Ponemon Institute estimated the 2013 cost of US medical data breaches to be about $5.6 billion [TTA 23 April], an amount that will certainly be exceeded in 2014 with the CHS breach. What can be done? This Editor has written extensively on the need to harden systems (see data breaches). Yvonne Li of SurMD takes a fresh and counter-intuitive look over at HITECH Answers that posits that DIY for organizations is not the way to go. Migrating your data to third-party cloud storage partners experienced in ultra-secure storage is a far better choice, as long as... Continue Reading
Roundup: data breaches ’round the world
Following on our review of recent articles on why medical identity theft is so attractive, here’s our review of data breaches in the news, including a new (to this Editor) report from Europe. It’s not Europe, blame the UK! That is one of the surprising findings of a meta-review of all types of data breaches released earlier this month by the Central European University’s Center for Media, Data and Society (CMDS). While not specific to healthcare, it is the first study this Editor has seen on EU data breaches and is useful for general trends. 229 verified incidents were analyzed... Continue Reading
41 percent of healthcare employees don’t encrypt mobile devices: Forrester
...stolen devices. (What, not mulch?) Author Chris Sherman also quoted street prices for health records to The Wall Street Journal’s CIO Journal blog (subscription required): $20 for one health record to $500 for a patient’s complete record. He recommends greater use of encryption and penalties for non-compliance with safe computing. FierceMobileHealthcare, iHealthBeat. Previously in TTA on data breaches: Data breaches may cost healthcare organizations $5.6 bn annually: Ponemon; Risky hospital business: happy device hacking, insider data breaches; The drip of data breaches now a flood: 4.5 million records hacked–update; Data breaches and ‘hackermania’ running wild; ‘Hackermania running wild,’ part 2... Continue Reading
Data breaches and ‘hackermania’ running wild
Data breaches remain in the news–and the debate around how best to secure data rages. Everything old is new again. UK website Computing reported that East Midlands Ambulance Service NHS Trust lost a data cartridge containing 42,000 records from its divisional headquarters in Nottingham. It was a small but deadly cartridge containing scanned handwritten copies of Patient Report Forms from September to November 2012. However, it can only be read on a now-obsolete cartridge reader, one of which is on the Trust’s premises. An interesting project for a ‘cracker’? Perhaps someone thought it was an old paperweight? Is this the... Continue Reading
CHS data breach estimated price tag: $150 million
...what is to say that these ‘former hackers’ aren’t playing both games? Cybersecurity’s hiring crisis: A troubling trajectory (ZDNet) The C-Suite Must Care…The Workforce Must Be Aware Since data security and data breaches threaten to swamp many sectors (universities and colleges, even more than healthcare, rank as the most vulnerable), the solution may not be wholly in the code. Daniel J Solove, a professor of law at George Washington University Law School and CEO of TeachPrivacy, takes a different look at how organizations should respond and identifies the two most important things to prevent data breaches with the catch-phrase above,... Continue Reading
The drip of data breaches now a flood: 4.5 million records hacked–update
[grow_thumb image=”https://telecareaware.com/wp-content/uploads/2014/08/keep-calm-and-encrypt-your-data-5.png” thumb_width=”150″ /]Breaking News–updated at end Earlier this year [TTA 23 Apr] this Editor commented on the fourth annual update from the Ponemon Institute plus a qualitative study from IS Solutions that contained mostly unwelcome news for healthcare IT departments in the US. Ponemon’s new estimate of data breaches’ cost per year: $5.6 billion. While making some progress in the existential threat that data breaches present to institutional and personal security, both reports also outlined the disconnect between HIT professionals busy dealing with and sealing off the mice of internal causes versus the looming, huge menace of the external... Continue Reading
Politico: massive hacking of health records imminent
...the other Grizzled Pioneers. We’ve only been whinging on about data breaches and security since 2010 and their researchers could benefit from our back file. And speaking of 2010, the Department of Health & Human Services (HHS) is doing its part to close the budget deficit by collecting data breach fines–$10 million in the past year. A goodly chunk will be coming from New York-Presbyterian Hospital/Columbia University Medical Center: $4.8 million for a 6,800 person breach (iHealthBeat) where sensitive records showed up online, readily available to search engines. And yes, we covered this back on 29 Sept 2010 when breaches... Continue Reading
Risky hospital business: happy device hacking, insider data breaches
...medical centers have with detecting data security breaches, particularly when they are small, sneaky, over time and by an insider. UMass uncovered a series of low-profile breaches by a former employee who helped himself to patient information such as name, address, date of birth and Social Security number–and may have used it to open up credit card and mobile phone accounts. Only four records appear to have been misused in this way, but at least 2,400 records were estimated to be improperly accessed–over 12 years, which made it even more difficult to find. Perhaps the employee was funding retirement? HealthcareInfoSecurity... Continue Reading
Most Recent Comments