Health Source of Ohio file breach affects 8,800 patients due to Internet lapses

March 12th, 2014 by admin Leave a reply »

Health Source of Ohio (HSO) reported a data breach of 8800 patients when the PHI information was available on Internet. PHI information contained names, addresses, phone numbers, and account numbers for each patient. Some patients also had their dates of birth, healthcare information, credit card numbers, and Social Security numbers in the file.

The Information was gathered through a web based program used by Health care accounting staff. The information was supposed to be accessible only to authorized staff – but file was available through internet searches. The file was viewed 47 times and soon after discovery of breach, HSO secured the data and disable the site access. It was not clear what actions were taken by the health centre to avoid such incidents in future.

HSO stated, “The privacy and security of patients’ personal and healthcare information is very important to HSO. Individuals who called HSO’s patient accounting staff during the time period above with questions about their account should examine their personal and financial information, such as credit card accounts and accounts with financial institutions for unusual or unauthorized activity.”

HSO listed Pair Networks as the business associate in the statement to HHS. File was hosted on the servers of Pair Networks. Pair Networks’ terms of service in their contract makes account security the sole responsibility of the customer. It does not mean that breach happened due to Pair Networks.

Alertsec strengthens security

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Enhanced by Zemanta

Leave a Reply