Lane Community College (LCC) health clinic recently announced data breach when one of its technician found a computer virus in the system. The incident has affected PHI of some patients.
As per the reports, virus was transmitting the names, addresses, phone numbers, diagnoses, and Social Security numbers to unidentified third party almost for a year. Facility has notified potentially impacted patients.
“We have no evidence that any of the information was transmitted (from LCC), but there’s the possibility,” LCC Vice President of College Services Brian Kelly said in a statement to the Register-Guard.
Facility conducted internal investigation. It checked 20 other computers at the health clinic. It concluded that only computer was infected with virus. The incident has affected 2,500 individuals.
LCC has advised patients to monitor their bank accounts. Suspicious activity or any threat should be reported to the police. The college health clinic also asked patients to report data breach to their banks, credit bureaus, and credit card companies.
July 2016 HIPPA Journal mentioned that, “Cyberattacks on healthcare organizations are now a fact of life.”
OCR breach portal do not include all the data breaches that are happening around. But the current breach reports gives us the idea of pattern –
48 data breaches were reported as unauthorized access
43 data breaches were attributed to hacking or network server incidents
37 breaches were caused by the loss or theft of devices used to store ePHI or the loss/theft of physical records
4 breaches were due to the improper disposal of records
Stolen records or exposed data includes pattern as below:
60% were due to hacking (2,703,961 records)
78% were due to loss/theft (1,342,125 records)
6% were the result of unauthorized access or disclosure (342,748 records)
63% were the result of improper disposal (118,594 records)
Alertsec provides a solid foundation on which organizations can build compliance program.