Healthcare Data Breaches Pose Significant Concern

Lack of controls for data a problem

Wednesday, May 02, 2012
Since the end of 2009, as many as 20 million people have been affected by data breaches within the healthcare field alone.

Healthcare data breaches have become particularly widespread in recent years as organizations move toward digitizing patient records. As a result, at least 19.2 million consumers have been exposed by about 410 major incidents since September 2009, according to a report from Gov Info Security. Those incidents, however, don't include the three major breaches suffered in the last few months.

The Utah Department of Health, South Carolina Department of Health and Human Services and private company Emory Healthcare have all been hit with breaches that exposed the private personal and medical information of hundreds of thousands of consumers each, the report said. Other major breaches observed this year - of which there were just four - affected a total of 31,000 people, and that number is included in the 19.2 million total.

Experts say that the majority of medical data breaches are caused by mistakes or misdeeds by employees at the organizations, the report said. For instance, the Utah breach involved employees not properly protecting a computer server containing the medical information of more than 780,000 people, and those systems were attacked by hackers. The Emory data breach was caused when an employee misplaced 10 computer disks. The South Carolina incident occurred because an employee was transferring patient data to his personal email account.

Experts say these problems are routinely caused because healthcare organizations just can't protect patient data effectively enough, according to a report from tech news site Dark Reading.

"It's not typically malicious - the bulk of the insider threat is lack of knowledge; users access data, leave data on systems, and it's not maliciously intended," Rick Dakin, CEO of the IT security consulting firm Coalfire Systems, told the site. "The insider threat follows the same vector: lack of access controls. A lack of monitoring. The lack of data loss prevention tools. There's a series of control breakdowns that allow insider threats to maliciously or just through human error and mistake access data and compromise the data."

Ondrej Krehel, chief information security officer for Identity Theft 911, has a blog about the issues consumers face when their personal or medical data is exposed in a breach.
