With the recent news that yet another healthcare company has been the victim of a potential data breach, predictions that one-third of health records could be stolen may not seem so far off.
Premier Healthcare, based in Bloomington, Ind., recently announced that a laptop with personal patient information had been stolen — leading to the possibility that more than 200,000 healthcare records have been exposed. While the laptop had password protection, the confidential information was not encrypted.
For several years, experts have been warning that the healthcare industry seems to be lagging when it comes to using the technology that could better protect confidential information. And this is happening just as there is a global trend to store more and more healthcare records digitally.
According to a report by IDC’s Health Insights group, mediocre electronic security could lead to one in three consumers having their healthcare records jeopardized in cyberattacks in 2016. “Frankly, healthcare data is really valuable from a cyber criminal standpoint,” said Lynne Dunbrack, research vice president for IDC’s Health Insights in a ComputerWorld article. “It could be 5, 10 or even 50 times more valuable than other forms of data.”
Already, the number of Americans whose health records have been compromised totals more than 900,000, according to the U.S. Department of Health and Human Services’ Office for Civil Rights.
Many of the healthcare companies that were victimized, including Premier Healthcare, are playing catch-up — taking steps to implement encryption as part of their security along with other measures.
Some of the other companies in the healthcare industry that have recently had records breached include:
UCLA Health: In 2015, this company was the victim of a cyberattack that potentially exposed 4.5 million people’s personal information, including Social Security numbers, medical records, addresses and birthdates. Later in the year, UCLA Health once again reported that a faculty member’s laptop had been stolen — exposing the personal information of 1,242 patients. As with Premier Healthcare, the laptop was password-protected but not encrypted.
Fairfax County Public School: The health records of 2,000 students were compromised when a laptop was stolen in 2013 from the car of an employee, who had violated protocol by not securely storing the files. Officials for the Virginia school said that the employee was facing disciplinary measures.
Northwestern Memorial Healthcare: More than 2,800 patients were notified that their private health information had been compromised when a laptop was stolen from an employee’s vehicle in 2014. In this case, once again, the laptop was password-protected but not encrypted.
The U.S. Department of Health and Human Services Office for Civil Rights has started to take notice of these breaches, penalizing healthcare companies for not taking the steps to secure patient data and for violating HIPAA privacy rules. The companies recently fined include the Indianapolis-based Cancer Care Group, which paid $750,000 for HIPAA violations after a laptop was stolen from an employee’s car. In that case, as with many others, the information on the laptop was not encrypted.
Lifeline Data Centers, a colocation center with extensive experience in the IT industry, can help you assess your risks as well as provide guidance on how to protect your business from data breaches. Contact us to learn more.