5 of the Worst Security Breaches in Healthcare IT

Netgain | Cybersecurity & Compliance, Healthcare IT, News

With the recent “Heartbleed” scare, IT security is once again a hot topic. As well it should be, for this is nothing new. Data breaches in the healthcare industry have prompted a renewal of the conversation time and time again. If you don’t believe us, read on, as we take a look at some of the worst healthcare security breaches to date.

1. New York-Presbyterian Hospital/Columbia University

Imagine coming across the personal information of a deceased loved one online. That’s just what happened in 2010, when an individual was able to access not only a loved one’s name, but personal and medical data as well.

An HHS investigation cited a “lack of technical safeguards” that allowed the personal data of 6,800 individuals to be freely accessed over the Internet. NYP and Columbia University share an arrangement whereby CU faculty may serve on staff as attending physicians at the hospital. The breach demonstrated the need for IT security to be at the forefront of consciousness when two entities such as these decide to partner.

Although the breach affected a relatively small number, it resulted in gargantuan fines and a HIPAA settlement of $4.8 million.

2. Eisenhower Medical Center

What’s the easiest way to steal data? Steal the computer it’s stored on. Perhaps the loss of the computer wouldn’t have been so bad if the data on it had been encrypted. It wasn’t. As a result, tons of data including patient names, Social Security numbers, and other private information was left up for grabs. To add insult to injury, administration at the California facility failed to realize the computer was missing until three days after the theft occurred.

3. South Shore Hospital

In 2010, the Weymouth, Massachusetts-based hospital shipped three boxes containing a total of about 500 unencrypted data tapes to an archival facility. As with the above scenario, at stake were the names of close to 800,000 patients, their Social Security numbers, financial information, etc. Imagine the horror at the hospital when it was discovered that only one of the boxes had made it to the archivist. To date, the other two are still missing.

4. Health Net, Inc.

One of the largest security breaches affected not a healthcare provider, but a health insurance office. In January of 2011, information on close to two million customers fell into the hands of criminals when nine servers containing the data were stolen. The Woodland Hills, California company procrastinated for two months before reporting the breach.

5. TRICARE Management Activity

We saved the absolute worst for last. TRICARE, a military health care provider in Falls Church, Virginia, lost the backup tapes holding close to five million military beneficiary records. A defense contractor for TRICARE reported that in addition to health records, the tapes also contained phone numbers, addresses, Social Security numbers, and other data.

We could fill volumes with stories of IT security breaches such as these. It’s of particular interest to us how many of the hundreds of reported incidents involved unencrypted data.

You wouldn’t leave your car unlocked, as the saying goes. Shall we extend the metaphor to include a car full of documents containing all the personal information of every one of your patients? IT security is not a luxury, and should not be regarded as such. The luxury is the data you have at your fingertips, information that could slip from your grasp as easily as if it were never there at all.

If you’re interested in how to prevent scenarios such as these, please feel free to check out our website at https://netgaincloud.com/.