Following on our review of recent articles on why medical identity theft is so attractive, here’s our review of data breaches in the news, including a new (to this Editor) report from Europe.
- It’s not Europe, blame the UK! That is one of the surprising findings of a meta-review of all types of data breaches released earlier this month by the Central European University’s Center for Media, Data and Society (CMDS). While not specific to healthcare, it is the first study this Editor has seen on EU data breaches and is useful for general trends. 229 verified incidents were analyzed by the CMDS across 28 EU member countries plus Switzerland and Norway, 2005-3rd Quarter 2014, and includes unusual healthcare breaches such as Danish HIV patients’ personal information included in a PowerPoint presentation later published online. Key findings:
- 57 percent of breaches were due to insider theft, mismanagement or error; 41 percent were hacker-instigated
- It’s common: “for every 100 people in the study countries, 43 personal records have been compromised”
- In terms of impact, the UK by far, then Greece, Norway, Germany and Netherlands were the top five countries for incidents and numbers of records breached (report page 9)
- 24 percent of the Europe-specific breaches were the result of breach attacks launched from the UK (release)
- Unlike the US, medical records accounted for only 8 percent of European/UK breaches, which means they are either very secure–or underreported
- FDA vulnerable to cyberattack, says HHS. An ‘penetration test’ audit conducted by the Department of Health and Human Services by their Office of Inspector General (not to be confused with Inspector Clouseau)admits that their network and external web applications are not exactly hardened. In October 2013, there was a breach in an FDA system which exposed sensitive information in 14,000 user accounts (HealthDataManagement). The OIG states the risks are that FDA data could be disclosed or modified, and mission-critical systems would be made unavailable; recommendations were made. iHealthBeat, OIG report.
- The fallout from the mega-breach at Community Health Systems continues. A second class-action lawsuit was filed in New Mexico in addition to the August action filed in Alabama. In the US system, it’s likely that suits will be filed in the 27 other states where CHS does business. To paraphrase our original headline [TTA 18 Aug], the drip of class-action lawsuits is likely to become a flood. iHealthBeat