Wednesday, October 09, 2013
St. Louis-based healthcare firm experiences data breach due to email scam
In St. Louis, a healthcare provider experienced a significant data breach due to an email scam.
Secure File Transfer
It seems that no matter how many data breaches are reported in the news, many organizations still have yet to take this threat seriously by investing in high-end data protection solutions, such as secure file transfer tools, or improving their data-handling policies. This lack of sufficient preparation is particularly problematic for firms that are responsible for using and protecting large amounts of sensitive client data, such as healthcare providers.
The most recent example of such a shortcoming occurred in St. Louis, where a healthcare provider experienced a significant data breach due to an email scam.
KDSK.com reported that approximately 3,000 patients and employees have been alerted to the possibility that their personal information may have been exposed in this breach. Included among this data were 200 Social Security numbers and a variety of protected health information (PHI).
All affected individuals have been alerted and are being provided with one free year of credit monitoring and identity theft protection by the healthcare organization.
The news source noted that this breach occurred in August, when a number of the healthcare provider's employees fell victim to an email phishing scam. The exact nature of this attack was not made clear, but ultimately 20 email accounts were compromised in this incident.
This breach highlights the risk that healthcare providers face when it comes to data sharing. Employees, including doctors, clinicians and administrators, need to regularly send and receive patients' medical and financial data in order to do their jobs. Yet as this information is made more readily available to authorized personnel, the risk of a breach or exposure also increases. As this case demonstrated, firms that lack robust, dependable defenses may find themselves unprepared to withstand sophisticated attacks.
Investing in and utilizing advanced secure file transfer solutions can help to mitigate these risks. These solutions enable employees to distribute sensitive data without increasing the danger of a breach, as the information remains fully protected even while in transit.
However, it is important to note that these solutions will only be effective if they are embraced and leveraged by employees. To this end, the tools selected must be not only secure, but also easy to use, so as to maximize worker adoption. Additionally, employees should be trained to follow best practices in all aspects of sensitive data handling.