Contractor to be blamed for Stanford Hospital’s data theft

October 9th, 2011 by admin Leave a reply »

Stanford Hospitals blamed for data breach

Third parties have recently been in the news for data breaches. You give your data for security purpose to a third party contractor and Bam! The next thing you know is it is stolen!

The recent case detailed below talks about a breach that exposed the personal data of some 20,000 patients, thanks to the contractor’s negligence.

Stanford Hospital Clinics class action suit

20,000 patients’ personal information was made available on a public Web site for a year. That led to the class action suit against Stanford Hospitals.

Shana Springer, one of the patients whose information was compromised, filed the class-action lawsuit against Stanford Hospital & Clinics and Multi-Specialty Collection Services.  Stanford Hospital & Clinics and Multi-Specialty Collection Services is an outside vendor that was allegedly responsible for the breach. The lawsuit asks for $1,000 per patient.

Here is what the hospital spokesperson had to say: The hospital intends to vigorously defend the lawsuit that has been filed as it acted appropriately and did not violate the law as claimed in the lawsuit,'”

Case details

A spreadsheet maintained by a third party billing contractor, Multi Specialties Collection Services (MSCS), was allegedly posted on Student of Fortune website that allows students solicit homework help for a fee.

The spreadsheet apparently included names, diagnosis codes, account numbers as well as admission and discharge dates of about 20,000 patients who visited the hospital’s Emergency Room in 2009.

According to Stanford Hospitals, this data was encrypted. But looks it MSCS decrypted the data and put it into a spreadsheet. A person who had probably no clue about what he was doing and posted it on the website further managed this spreadsheet. The identity of this individual has not been divulged by MSCS.

Statements released by the hospital:“This mishandling of private patient information was in complete contravention of the law and of the requirements of MSCS’s contract with SHC and is shockingly irresponsible,”

According to the MSCS contractor, Frank Corcino, he decrypted the details and put it into a spreadsheet. He later handed off the spreadsheet to a job applicant as parts of a skills test.

It appears that the applicant was unaware the spreadsheet data was private and posted it on the homework help site in Sept. 2010. The data remained on the site until August 22, 2011 and was later discovered by a patient.

What AlertSec has to say?

Alertsec is the frontrunner in offering hard disk encryption as a fully managed service. We provide information security in a cost-effective & easy way.

By using encryption software, you greatly enhance the laptop security, as there is no way that the information is compromised if lost or stolen. A theft would simply be reduced to an insurance matter and cost of the hardware plus time to rebuild the laptop. A small price to pay compared to what can happen if you lose confidential or senstive data. Our industry news provides a few examples of this.

Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software-licensing model.

Enhanced by Zemanta

Trackbacks /

  1. Sanitair

Leave a Reply