Posts Tagged ‘Hospital’

Health care data breaches on the rise – Get serious about HIPAA

December 15th, 2011

How many healthcare organizations today are following HIPAA (the Health Insurance Portability and Accountability Act of 1996)? Looking at the increase in health care data breaches, one can tell how much the security laws are being followed.

The US healthcare system has always been the best choice for hackers. Every other data breach news item talks about health-care data thefts. According to the Ponemon Institute’s data security survey, 96% of US healthcare organisations have been a victim of at least one data breach in the last two years. Medical data handling practices are very sloppy, which is a disturbing reality check for patients. Data breach risks are very high, especially those related to identity theft and medical identity theft. Obviously, patients’ privacy is affected. Every time a breach takes place, hospitals lose an average of $2.24 million. Annually, that comes to around $6.5 billion.

What is the exact reason for this severe problem? Silly mistakes on the employees’ part are the main culprit here. Although the mistakes are ‘silly’, the consequences are disastrous. In addition to the employees, third parties and sub-contractors are to be blamed for data breaches. Needless to say, lost or stolen devices add to the reasons.

The survey also showed that the use of unsecured mobile devices contributed to data theft. Most of the providers do not do much to protect the data on these devices. These devices are used for gathering, transmitting, and storing patient information, but obviously they are not secured enough. According to the report, “An area that needs to become more of a priority is privileged user and access governance, with only 29 per cent agreeing that the prevention of unauthorised access to patient data and loss or theft of such data is a priority.” “Hospitals and healthcare providers suffered an average of four data breaches in the past year, according to the report.”

The worst part of these data breaches is that, once they are discovered, the customers are notified only after a couple of months.

HIPAA needs to step in and enforce security laws. Every hospital has a data security policy, but how many actually follow them? Very few, as is clear from the upsurge of data breaches. A HIPAA audit is a must for every organization. But that’s not enough. What is required is data encryption, virtual or dedicated firewalls, offsite backup and antivirus to meet HIPAA/HITECH standards and keep data secure.

Following are the consequences of a data breach that healthcare organizations suffer from:

  • 81% Diminished productivity and lost time
  • 78% Brand or reputation diminishment
  • 75% Loss of patient goodwill

Result of these consequences: a dissatisfied patient, an average loss of $113,400 per customer/patient.

Data breaches are discovered through:

  • 51% Employees
  • 43% Audit/Assessment
  • 35% Patient complaint


Alertsec is into the data encryption business

You cannot afford to wait any longer. Alertsec Xpress, the market leader in data encryption, is the need of the hour. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption providers in security, performance, strength and ease-of-use for administrators and users. Alertsec also offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model.


TRICARE in trouble for data breach

October 11th, 2011

TRICARE data breach affects millions

Data breach incidents are on the rise, and even though the effects of some of them may not be that serious, data and identities are at stake.

A data breach involving personal health information of an estimated 4.9 million military clinic and hospital patients made headlines last week. The report was about Tricare Management Activity, the federal government’s health care coverage for active and retired military personnel and their families.

What did Tricare have to say?

According to TRICARE, the data was stolen from a backup system that contained electronic patient data from 1992 through Sept. 7, 2011, for patients who were treated at San Antonio area military treatment facilities (MTFs) (including the filling of pharmacy prescriptions), and for some patients whose laboratory data was processed in these same MTFs although they had received treatment somewhere else.

A total of 4.9 million patients’ documents were affected. The stolen data includes Social Security numbers, addresses and phone numbers, and some personal health data. Fortunately, no financial data, such as credit card or bank account information, was compromised.

The incident is still under investigation, and it could take anywhere between 4 and 6 weeks for Tricare to notify those who have been affected by the breach. Tricare further stated that the risk of harm to patients is fairly low. Affected Tricare beneficiaries will receive personalized letters with details about the data breach.

In the past Tricare contractors had received free credit monitoring but in this case TRICARE has not promised anything.

TRICARE releases statement

“Reading the tapes takes special machinery. Moreover, it takes a highly skilled individual to interpret the data on the tapes. Since we do not believe the tapes were taken with malicious intent, we believe the risk to beneficiaries is low.”

How was the data stolen?

The data was stolen from the car of an employee of Science Applications International Corp. (SAIC). The car contained backup tapes of electronic health records. According to the police report, the car was parked at 300 Convent from 7:53 a.m. to 4:30 p.m. Sept. 13. Along with the backup tapes, a stereo system valued at $300 and a GPS device were stolen.

Apparently the employee was planning to transport this data between federal facilities.

According to a SAIC spokesman, the data was partially encrypted.

What did users have to say?

“The fact that the tapes were encrypted should go to show how important it is to keep the information safe. That is not a way for the Govt employee or contractor transporting to feel safer about leaving them unattended in a vehicle. Had this happened in the military equivalent with secret media, they would be run through. The lack of disciplinary action is somewhat disturbing”.

Data Protection with Alertsec

Alertsec Xpress is the laptop security service that supplies SMBs with the leading data security software for their laptop encryption implementation. The core function in any mobile data protection system is the hard drive encryption – outperforming file encryption and other kinds of data encryption software on speed, security and flexibility.


Wake Forest Baptist suffers data breach

July 18th, 2011

Data breach at Wake Forest Baptist Medical Center

Medical records are the most vulnerable lot. Umpteen cases of hacking into medical data have been making headlines.

The latest to join the bandwagon is Wake Forest Baptist.

What happened?

Winston-Salem, N.C.-based Wake Forest Baptist Medical Center suffered a data loss of medical records and documents that affected 357 people.

Wake Forest Baptist Medical Center had fired an employee, Linda Bowden Turner, on June 1. It appears she had taken pages from 136 patient medical records and 221 employee documents that included Social Security numbers of past and current employees.

Ms. Turner was charged with larceny by employee. According to her attorney and WFBMC, Ms. Turner was a hoarder and did not commit this deed intentionally.

Here is the statement issued by the Medical Center: “On the afternoon of May 31, 2011, Wake Forest Baptist Medical Center received a call about documents, belonging or pertaining to the medical center, discovered in the basement of a rental home. Following an immediate response by our Privacy and Compliance Offices and with assistance from the Winston-Salem Police Department, our staff removed boxes from properties and storage units owned by former employee, Linda Turner.”

“None of the documents discovered comprised a complete patient medical record,” the center said. “The employment records date from a time when many hospitals used Social Security numbers as the employee identification number. Wake Forest Baptist discontinued this practice several years ago.”

Investigation showed that there were employment and medical documents mixed in with large volumes of the former employee’s personal documents, newspapers, magazines and trash.

No evidence was found that the information was misused in any way. The documents appeared to have been undisturbed in storage areas until the discovery.

Post breach

Wake Forest Baptist mailed a letter Thursday to affected individuals offering a free year of Debix credit-monitoring services, which require registration for use.

Soon after the incident, the medical center started training employees in the proper handling of paper documents containing personal or protected health information. The training program also includes training new staff and implementing this program in the annual mandatory compliance training.

The medical center has submitted a report to the appropriate regulatory agencies, including the U.S. Department of Health and Human Services, the North Carolina Attorney General and The Joint Commission. A review of the case has been completed by the North Carolina Department of Health Services Regulation (DHSR). DHSR found no discrepancies.

Implementing security measures with Alertsec

Time and again it has been proven that most laptops are stolen, or valuable documents taken, from the place of work. Alertsec Xpress is the web-based service powered by Check Point Full Disk Encryption – the global leader in encryption for laptops – and is used by big and small organizations that have recognized the need to protect their information.

Alertsec Xpress provides:

  • Fully managed service for your convenience.
  • Very cost effective service.
  • Market leading laptop protection service.
  • Quick and easy implementation.
  • Easy to use protection.
  • Transparent solution.
  • Global 24/7 helpdesk.
  • 100% secure and reliable encryption.
  • Powered by Check Point – the market leader


Potential Medical Data Breach at University of Iowa

February 3rd, 2011

Data Breach at University of Iowa

The University of Iowa Hospital has informed University football players about a potential data breach involving their medical records. The medical data was stored electronically, and data encryption software was not used.

The incident involves 13 football players who were admitted to the hospitals earlier for treatment of a muscle disorder known as rhabdomyolysis syndrome, which may cause kidney disorder. The University will send letters to notify all the patients after the completion of the investigation.

The University said in a statement: “The players and their families were notified of the possible violations and the patients will receive letters that will detail the outcome of the investigation, which may take up to two weeks.”

Unauthorized Access to Medical Records

In this case, the possible breach was identified after routine screening, and the alert was issued. Professionals at the University of Iowa Hospital revealed privacy violations and unauthorized access to medical records of players. It is still not clear whether the breach was carried out by internal employees or by outsiders. The concerned authorities at the hospital are conducting an investigation into the data breach.

According to the statement: “Officials at University of Iowa Hospitals and Clinics in Iowa City are conducting an investigation after a proactive screening of the electronic medical records of 13 University of Iowa football players indicated that some of those records may have been accessed inappropriately.”

Confidentiality of Medical Records

This data breach has broken the rules of the Health Insurance Portability and Accountability Act. According to HIPAA, authorities should maintain the confidentiality of medical records, and the records may be accessed only by authorized employees for fulfilling their official responsibilities. The medical records may contain confidential information about the patients, such as their names, ages, addresses, Social Security numbers, e-mail addresses, contact numbers, health status, health plan beneficiary numbers and other personal details.

Data security is essential for every organization, because if dissatisfied employees get unauthorized access to confidential files, they can misuse the information. Cyber criminals may also exploit vulnerabilities in computers and networks to hack the confidential data. Organizations like universities must regularly conduct security checks to find data security threats, and must also restrict access to privileged data to safeguard the confidential information.

How Alertsec Xpress Would Have Helped

This news exemplifies the need for data protection applications like data encryption software and laptop encryption. To stay secure, and to protect your data from breach incidents, it is vital to use data security/recovery software. In an incident which highlights the need for data security and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Geisinger Discloses Potential Patient Data Breach: 2900 Patients Affected

January 10th, 2011


Geisinger Wyoming Valley Medical Center

Shannon Konopinski, a resident of Hazleton, has contacted lawyers. Why? She is worried about the possible public leakage on the internet of her and her family’s personal health information. Apparently, she is upset about a letter she had received, which stated that a former physician sent her protected health information to his home e-mail in an unencrypted manner. In fact, Shannon is not the only one, and this is exactly what happened.

Unencrypted Email Caused Data Breach

Geisinger Health System is a physician-led health care system, dedicated to health care, education, research and service, spanning 43 counties of 20,000 square miles and serving 2.6 million people. Geisinger became aware on 6th November last year that a limited amount of protected health information had been emailed around 3rd November by a former Geisinger Wyoming Valley Medical Center gastroenterologist. He was emailing PHI from his Geisinger computer to his home computer in an unencrypted fashion. The physician had sent this information to his home computer to complete an analysis of his procedures.

Data Breach Affected 2,900 Geisinger Patients

In a press release on 27 December 2010, Geisinger Health System acknowledged that approximately 2900 patients were affected by this data breach, in which information was disclosed in an unauthorized manner. Affected patients were later notified by letter. According to a Geisinger press release, in the letters that went out to the affected patients, Geisinger notified patients that protected health information (PHI) was improperly disclosed when a former Geisinger Wyoming Valley Medical Center gastroenterologist emailed PHI to his home email account without first encrypting it.

Leaked Data didn’t Include Financial Information

Unencrypted information included patient names, Geisinger medical record numbers, procedures, indications and physician’s notes on the care provided. This is some of the most basic information that constitutes PHI and requires safeguarding under HIPAA. It did not include telephone numbers, addresses, SSNs, patient account information or any other information that would lead to financial fraud. According to Geisinger, the PHI did not include any financial information that would make the patients vulnerable to identity theft.

Geisinger Notified Patients under the HITECH Act

Geisinger had to notify the patients under the HITECH (Health IT for Economic and Clinical Health) Act, which amended HIPAA, because the information was not protected with encryption software before being sent.

According to HIPAA, if electronic PHI is lost or stolen and it was not protected with encryption, full disclosure is to be made to the patients and to the HHS, which oversees and enforces the implementations under HITECH.

The doctor who caused the breach at Geisinger no longer works for the medical center, but according to the reports it is not specified whether he resigned or was fired. There are two main reasons behind these continuous data breaches. The first is the heavy volume of electronic data: the more data there is electronically, the more vulnerable it is to breaches. The second and most important reason is the lack of awareness of computer encryption software, desktop encryption software, laptop encryption software and data encryption software.

How Alertsec Xpress Would Have Helped

In an incident which highlights the need for data security and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.