Since September 2009, the federal tally of major health breaches has grown significantly to a total of 1,074 incidents affecting 33.7 million individuals. In the last month alone, 30 incidents were added to the list. These incidents clearly reflect the wide range of risks that healthcare organizations have to contend with. Of the recent major breaches, one was a hacking incident and another was an insider breach. One of the breaches also involved letters mailed to the wrong recipients. But the most striking fact is that loss or theft of unencrypted computing devices continues to be the most common cause of breach incidents, despite repeated warnings about the need to encrypt health data. Lack of encryption has caused numerous breaches affecting 500 or more individuals.
The Culprits Causing Breaches
Hacking
Hacking has been the cause of at least 89 major breaches since 2009, according to HHS. However, security experts believe that these incidents are becoming much more common than before and are posing bigger threats.
The hacking incident at Montana Department is one of the largest breaches added to the federal tally in late July. The tally lists the incident as a major breach which affected 1.06 million individuals. The department has notified 1.3 million individuals about the breach, and the investigation is still in progress. Although this hacking incident was confirmed in May, it is believed that the hacking itself may have started as far back as July 2013. Following the incident, the Montana Department has implemented additional firewall software and is working towards improving its security systems. The potentially compromised information in this incident includes names, addresses, dates of birth, and Social Security Numbers of the department's clients. It is also believed that the server may have included details on health assessments, diagnoses, treatment, health conditions, prescriptions, and insurance. All affected individuals in this incident have been offered free credit monitoring for one year.
Insider Threats
Breaches involving insiders are also a growing concern. Inappropriate access to patient records, for reasons ranging from snooping to more malicious intent such as identity theft and financial fraud, is also becoming increasingly common. These insider threats have been growing substantially, especially with digitally stored patient information on the rise. The third largest incident added to the federal tally last month involved an insider breach affecting 97,000 current and former patients of NRAD Medical Associates, a radiology practice in Long Island, NY. Similarly, mistakes involving paper documents and unauthorized access by insiders also pose a huge threat. For example, an incident at St. Vincent Breast Cancer in Indianapolis involved a clerical error that led to letters containing personal health information being mailed to the wrong recipients. This incident affected nearly 63,000 individuals.
Lack of Encryption
Lack of encryption has been identified time and again as one of the predominant causes of breach incidents. In a recent breach involving a vendor that provides patient billing and collection services to the Los Angeles County departments of health services and public health, eight unencrypted desktop computers were stolen from the office of a business associate. This incident affected more than 342,000 individuals. The stolen computers are believed to contain personal information including patient names, Social Security Numbers, and billing information, in addition to dates of birth, addresses, diagnoses, and other medical information. While the affected individuals have been offered one year of free credit monitoring, Los Angeles County continues to face several class action lawsuits.
Breaches caused by lost or stolen unencrypted devices have repeatedly pointed to the value of encryption. With the increased use of portable devices and BYOD in healthcare, coupled with lack of encryption, the problem only seems to be worsening.
Keeping Threats at Bay with Periodic Risk Analysis
As healthcare data breaches continue to increase in number, there is also more clarity on the main causes of these breaches. Healthcare entities should use this knowledge to mitigate security risks and curb threats before they harm systems and businesses. Periodic self-assessment and risk analysis are therefore crucial to preventing breaches in every healthcare entity. They can help bring about better control over data and help address threats before it is too late. Comprehensive security solutions such as Aegify Security Posture Management, Aegify SecureGRC or Aegify Risk Management also offer a number of benefits and provide the ideal platform to completely secure healthcare data throughout its lifecycle.