Healthcare providers have many responsibilities, not the least of which is protecting its patients and employees' personal data from exposure or theft. Unfortunately, many organizations come up short in this regard.
Such is the case with a large nonprofit healthcare provider in Illinois. As the Chicago Tribune reported, the state's attorney general's office and federal regulators from the Health and Human Services (HHS) Department are investigating a major data breach which recently occurred at the Advocate Medical Group.
The healthcare nonprofit revealed that more than 4 million patients, some dating back to the early 1990s, may have been affected by the breach, according to the news source. Among the exposed information were names, addresses, dates of birth and Social Security numbers, as well as a variety of medical data.
The breach occurred when four desktop computers were stolen from an administrative facility. These computers were not encrypted, and therefore the information they contained may be accessed without authorization, The Chicago Tribune reported.
According to Rachel Seeger, a spokeswoman for the HHS, the department intends to take this investigation extremely seriously.
"[S]ince 2009 we have had a track record of taking a number of very high-profile actions that have sent clear messages to the industry that we expect full compliance with (data) privacy and security rules," she said, according to the news source.
The Chicago Tribune noted that the HHS has collected more than $18.4 million in fines stemming from 16 major data breach incidents.
Additionally, this breach is likely to have a negative impact on Advocate's ability to treat its patients, due to the damage done to the healthcare provider's reputation.
"We understand why patients are anxious and concerned," said Kelly Jo Golson, an Advocate senior vice president, the news source reported. "We deeply regret the inconvenience this incident has caused the patients who have entrusted us with their care."
The public is becoming increasingly aware of the inherent risks when personal, sensitive data is exposed. Cybercriminals can potentially use this information to commit identity theft and fraud, causing a great amount of distress for affected patients.
Data sharing issues
This data breach should serve as yet another reminder of the need for secure file transfer solutions for any organization handling sensitive information, and particularly those in the healthcare field.
As Golson told the news source, this incident could have been prevented if the organization had ensured that the sensitive medical data was not stored on these administrative computers' hard drives.
"This type of data should always be maintained on our secure network," she added, The Chicago Tribune reported.
Yet any large-scale healthcare provider will need to disperse medical data to numerous personnel for a variety of reasons. With secure file transfer solutions in place, this information will remain protected at all times. And because the information becomes more readily available, there is less need to store sensitive data at off-site locations.