Data breaches continue to confront health care systems

Apr 09th, 2014 / Category: Managed File Transfer

Because of the sensitive nature of medical information, health care organizations require secure file sharing and data management solutions to bolster a comprehensive data security program. Recent data breaches demonstrate that vulnerabilities exist on myriad fronts, from the malicious actions of cybercriminals to accidental negligence on the part of employees. Therefore, medical facilities and other corporations with private, regulated information must do everything they can to cover their bases.

More health care data breaches revealed 
Over the last week, a number of medical facilities announced that their patients' information had been exposed during incidents that compromised private health data. Health IT Security reported that La Palma Intercommunity Hospital recently notified patients about an internal data breach that impacted an unknown number of people. Although the incident occurred in September 2012, the organization is just now revealing the situation, with detail still in short supply.

According to the source, the incident happened when an employee allegedly accessed information that he or she was not authorized to view. The data included Social Security numbers, driver license numbers, birth dates, addresses and some health information. This activity was in violation of the hospital's policy, the news source noted.

More recently, health care giant Kaiser Permanente experienced a HIPAA breach after the organization discovered that one of its research computers was infected with malicious software, Government Health IT reported. The incident impacted around 5,200 patients who were involved in specific research studies, and the data exposed may have included names, birth dates, lab results, medical research information and medical record numbers, the source added. This breach was discovered recently, but analysts believe that the computer had been infected for over two and a half years, pointing to the challenge of detecting a problem and acting promptly to mitigate the consequences. Kaiser representatives told the source that the affected server was not connected to the organization's electronic health records system.

An ongoing concern 
As Government Health IT observed, many HIPAA violations are not the result of high-tech cyber crime initiatives, but rather the effect of more mundane occurrences, such as theft. In fact, theft accounts for around 48 percent of all reported incidents, the source explained. For that reason, encryption and other secure file sharing precautions are critical safeguards.

"Pay attention to encryption, particularly for any devices that can leave the office," Susan McAndrew, the Department of Health and Human Service's Office for Civil Rights deputy director for health information privacy, told HIMSS attendees, according to Government Health IT. "We're interested in protecting the data. You may be interested in protecting the property. We want to turn this into property losses as opposed to data losses."

As iHealthBeat revealed, a number of health care providers around the country have recently alerted patients to data breaches. Ranging from stolen flash drives to data transferred to unsecured servers, these incidents point to the prevalence and persistence of the data security problem. As part of an overall information protection program that includes firewalls, antivirus software, end-user training, policies and protocols, bolstering system infrastructure with solutions like secure file transfer services can help organizations guard against these unfortunate events.