Impact and Implications of health Care Data Breaches
Data
breaches in the Health Care Delivery Systems cost more to remediate than in
other sectors. This may be because such incidents affect Thousands of people.
Experts advocate fast response to Cybersecurity breaches is important.
On March
19, 2015, Health IT Security reported that the “Associated Dentists in
Minnesota are notifying patients that their information may have been
compromised” due to recent “incident in which two laptops were stolen.” In this
incident, “one of the devices was encrypted, while the other was
password-protected but not encrypted.” The report said the information on the
devices included: “Names, Addresses, Birthdays, and Social Security numbers. It
was also believed that such information that may have been compromised “included:
Email addresses, Diagnosis, Insurer names and policy numbers, Physician names
and information, and Procedure and billing information.” Health IT Security reported that about “500 individuals’
information may have been affected.” “Under HHS rules, such notification is
required if the breach affects at least 500 individuals” (Snell, Health IT
Security, 5/19).
Another
health care data breach was reported by Health Data Management on November 2013.
Beacon Health System in Indiana notified that “220,000 patients were affected due
to unauthorized multiple access at the delivery system via phishing attack” The
attack affected two hospitals and affiliated physicians. According to
iHealthBeat.com, the following information were compromised: “Names, Birthdays,
Diagnosis, Driver’s license numbers, Patient Identification numbers, Physician
names, Service dates, Treatments, Patient statuses, and other medical
information”
Also on February 19, 2014, Health IT
Security reported that Buffalo Heart Group in New York notified of breach in
information as a result of unauthorized third party access to health information.
The compromised information included: Addresses, Appointment
schedules, Bill information, Dates of birth, Names; and Telephone numbers.
Unity Recovery Group notified the state’s
attorney general on April 2014 of a data breach as a result of unauthorized
disclosure of patient’s personal information. The information breach related
to: Names, Addresses, Dates of birth, E-mail addresses, Insurance Information,
health-related information, telephone numbers and Social Security numbers (iHealthBeat.org.2015,
June 1).
Further, Consolidated Tribal Health Project
in California, Jersey City Medical Center in New Jersey (1,400 patient’s information
were accidentally sent in spreadsheet to an unauthorized recipient), New York
City health and Hospitals (90,000 patients health information were compromised
when a former staff transferred files that contained protected health
information to her personal email account (Becker’s Health IT & CIO Review,
beckershospitalsreview.com, 2015, May- 21).
The impact of these health data breaches is
rising cost of health care delivery. For example, according to iHealthBeat.org
(2015 May-29), in a study released by Ponemon Institute (Modern Healthcare), “the
cost of a health care data breach is $363 per exposed personally identifiable
record, as compared to $154 per exposed record across all industries.” The
implication is that health care goes beyond the reach of the common man.
The remedy is for better risk/threat
management. Information Security Personal in the Health Care Delivery System
have to ensure that the InfoSec policy, regulations, and procedures are constantly
being followed. In addition, with the increasing innovation in IT network
devices, applications, resources and migration to mobile platforms in the
medical sector, there’s need for health care providers to involve IT Security
Professionals and Managers to help plan, manage and secure their systems and
operations from attacks.
References
Newly
reported Health Care Data Breaches Could Affect Thousands. June 1, 2015. December
18, 2015. Retrieved from: http://www.ihealthbeat.org/articles/2015/6/1/newly-reported-health-care-data-breaches-could-affect-thousands
Elizabeth, Snell. Possible Health Data Breaches from Theft,
Unauthorized Access. May 19, 2015. December 18, 2015. Retrieved from: http://healthitsecurity.com/news/possible-health-data-breaches-from-theft-unauthorized-access
Becker’s Health IT & CIO Review. May 21, 2015. December 18,
2015. Retrieved from: http://www.beckershospitalreview.com/healthcare-information-technology/new-york-city-hhs-reports-possible-phi-disclosure-of-90-000-patients.html