We’re hardly halfway through 2012, and the year has already witnessed a large number of data breaches! With causes ranging from data theft and negligence to disgruntled employees and carelessness, a wide range of data breaches has been noted so far, and the problem only seems to be growing. Here’s a look at 10 of the largest data breaches reported this year:
- Utah Department of Health: Personal information of nearly 780,000 Medicaid patients and recipients of the Children’s health insurance plan in Utah was stolen after a hacker gained access to a server of Utah’s Department of Technology Service. Of this number, the Social Security numbers of 280,000 were stolen, and some less personal data was stolen from the remaining records. It was reported that the hacker was able to gain access to these records because of a weak password.
- Emory Healthcare: This organization in Atlanta reported a data breach on April 18th after 10 backup disks were misplaced. These disks are said to contain information on 315,000 patients, including surgical patients treated at the hospital. Most of these files also contained Social Security numbers and other sensitive information such as names, diagnoses, procedure codes, etc.
- Department of Health, South Carolina: On April 19, an employee of the Department of Health in South Carolina was arrested for compiling data on patients and sending it to a private email address. As a result, nearly 22,600 Medicaid ID numbers were taken, and many others’ names, addresses, phone numbers, and birthdates were stolen.
- Howard University Hospital: In March, Howard University Hospital in Washington, DC gave notice of a potential disclosure of the PHI of 34,503 patients, which may have occurred in January. It was reported that a password-protected laptop containing patient files was stolen from a contractor’s vehicle.
- St. Joseph Health System: The organization alerted 31,800 patients in February to a possible security breach; ‘incorrect’ security settings in the system may have allowed for a breach.
- Indiana Internal Medicine Consultants: In yet another incident in February, a breach of 20,000 patient records occurred when a laptop was stolen at Indiana Internal Medicine Consultants. The incident was reported after a month and the records were recovered. However, a lawsuit was filed and an arrest was made in this case.
- Our Lady of the Lake Regional Medical Center: In this case, a laptop was stolen from a local physician’s office at this medical center in Baton Rouge, LA between March 16th and 20th. The laptop is said to have contained health information on more than 17,000 former ICU patients, including their names, ages, races, etc.
- Memorial Healthcare System: In January, this entity in South Florida learned of two employees who had accessed patient information with fraudulent intent. 9,497 patients were then notified that their personal information had been accessed.
- The Kansas Department of Aging: In the same month as the previous incident, this organization also reported the theft of a laptop computer, flash drive, and paper files from an employee’s car. Social Security numbers of nearly 100 patients were stolen and other sensitive information of 7,000 seniors was put at risk. The organization then notified all these patients.
- University of Arkansas for Medical Sciences: This university investigated a breach incident in April after noticing that a document had not been properly redacted. It was noted that an unidentified physician had sent financial information on a patient to an outsider in mid-February without removing patient identifiers such as names, account numbers, etc. Nearly 7,000 patients were affected by this breach.
So these were 10 of the largest breaches reported so far this year. The nature of these breaches makes one thing very clear: you cannot avoid a security breach unless you adopt a comprehensive data security system that ensures your organization’s data is protected from every possible threat. It should be able to curb security attacks irrespective of whether the attack originates from within your organization or outside. That’s why SecureGRC is the need of the hour. It is a completely automated and integrated security solution that is capable of providing end-to-end protection for your data, thus eliminating all possibilities of data breaches.