Healthcare System Coughs Up Data on Well Over 30 Million Patients

Posted on September 8th, 2014 by Dan Rampe

Healthcare

In the Last 5 Years, 944 Major Health Breaches Affected 30.1 Million Patients

The U.S. Department of Health and Human Services (HHS) defines a major breach as one that affects at least 500 people. So NOT included in the 30.1 million patients are, for example, the 165,135 patients in 21,194 smaller breaches (that’s only for 2012). Also not included were the 4.5 million patients affected by the recent Community Health Systems data breach.Hey, but who’s counting? Usually this is a snide rhetorical question. But in actuality, the Washington Post‘s “Wonkblog” is counting or rather analyzing HHS numbers.

The following has been excerpted from a piece on californiahealthline.org and edited to fit our format. You may find the full article at this link.

According to [the] “Wonkblog” analysis of the data, the types of reported data breaches include:

  • Medical record theft, which has affected 17.4 million individuals
  • Data loss, which has affected 7.2 million individuals
  • Hacking, which has affected 3.6 million individuals
  • Unauthorized access accounts, which has affected 1.9 million individuals

Cost of data breaches

Overall, data breaches cost the industry $5.6 billion per year, according to a Ponemon Institute report (Millman, “Wonkblog,” Washington Post, 8/19).

CIOs take action

In response to recent high-profile data breaches, some healthcare CIOs are altering the way their organizations approach cybersecurity, the Wall Street Journal‘s “CIO Journal” reports.

Specifically, CIOs said they are:

  • Hiring new, security-focused staff
  • Implementing new security processes
  • Installing new security software
  • Meeting with their boards more consistently

Further, some CIOs said they are trying to protect against data breaches through internal training programs that aim to help staff recognize potential threats (Boulton, “CIO Journal,” Wall Street Journal, 8/19).

Community Health Systems 2nd largest HIPAA breach

The incident is the second largest HIPAA breach…and the largest hacking-related HIPAA data breach ever reported, according to data from the Office for Civil Rights (Kutscher, Modern Healthcare, 8/18).

Heartbleed bug leaves healthcare providers open to attack

Security experts said the Heartbleed computer bug could leave hospitals’ and providers’ online networks — including email accounts, electronic health records and remote monitoring devices — vulnerable to attack.

David Harlow, principal of health care law Harlow Group, warned that health groups that do not rely on OpenSSL should be worried about ramifications of the massive breach (California Healthline, 4/15).

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

Breaches Bad for Californians’ Health. Patients’ Personal Medical Record Data Stolen in 3 Separate Incidents

Posted on April 19th, 2014 by Dan Rampe

Healthcare

Old-fashioned burglary to cutting-edge malware put patients’ data at risk from one end of California to the other.

The Los Angeles Times reported that Torrance, California’s Sutherland Healthcare Solutions, a medical billing and collections company, was burglarized and eight computers taken. Data stored on those computers included 338,700 patients’ first and last names, Social Security numbers and certain billing information. Also possibly compromised were birth dates, addresses and diagnoses.

Patients were offered free credit monitoring. That didn’t stop the filing of three class-action suits. Meanwhile, the police, the L.A. County D.A.’s cybercrime team and the U.S. Secret Service are investigating.

Writing on fiercehealthit.com, Ashley Gold reports that in Orange County, the La Palma Intercommunity Hospital learned in September 2012 that an employee, who was not authorized, accessed Social Security numbers, driver’s license numbers, addresses, birth dates and some medical information. However the hospital didn’t notify patients of the employee’s spying for more than a year.

At the other end of the state, in Northern California, Kaiser Permanente told 5,100 patients, who participated in a research study, that their information was compromised when malicious software infected a Kaiser server. The stolen data included first and last names, addresses, race/ethnicity, medical record numbers, lab results and responses to the study. And, according to Government Health IT, it took Kaiser more than two and half years to discover the breach.

A recent report by IT security audit firm Redspin noted that more than 7 million patient records were breached last year, an increase of 138 percent from 2012.

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.