CALIFORNIA COMPUTER AND DATA THEFT http://www.utsandiego.com/news/2012/jan/25/tp-leaky-records/
C3
leaky records
Health care industry’s conversion to digital has led to flood of patient data being compromised or stolen
By NICOLE PERLROTH NYT NEWS SERVICE
12:01 a.m., Jan. 25, 2012
Also of interest
32%
Rise in the number of reported breaches in 2011 from the year before. They cost the health care industry an estimated $6.5 billion in 2010.
One afternoon last spring, Micky Tripathi received a panicked call from an employee. Someone had broken into his car and stolen his briefcase and company laptop along with it.
So began a nightmare that cost his small nonprofit health consultancy nearly $300,000 in legal, private investigation, credit monitoring and media consultancy fees.
Tripathi’s nonprofit, the Massachusetts eHealth Collaborative in Waltham, Mass., works with doctors and hospitals to help digitize their patient records. His employee’s stolen laptop contained unencrypted records for 13,687 patients — each record containing some combination of a patient’s name, Social Security number, birth date, contact information and insurance information — an identity theft gold mine.
His experience, which proved costly, was hardly uncommon. Large-scale medical data breaches have been on the rise in recent years.
As part of the 2009 stimulus bill, the federal government provides incentive payments to doctors and hospitals to adopt electronic health records.
Nearly 40 percent of U.S. primary-care doctors and about 25 percent of hospitals now use electronic patient records.
An unintended consequence is that as patient records have been digitized, health data breaches have surged as hospitals adopt electronic medical records and mobile technology without spending enough on security to ensure patient privacy.
The number of reported breaches was up 32 percent in 2011 from the year before, according to the Ponemon Institute, a Michigan-based information-security research group.
Those breaches cost the industry an estimated $6.5 billion in 2010. In 49 percent of the cases, lost or stolen phones or personal computers were responsible.
Fifty-three percent of the organizations surveyed by the group said that inadequate funding was the biggest barrier to preventing data breaches.
Fallout can be severe
When mistakes occur, the fallout can be more severe than the typical breach of email addresses or credit card numbers.
In the wrong hands, health records also can be used for blackmail and public humiliation. The information can also be used by insurance companies to inflate rates, or by employers to deny job applicants.
Tripathi, of Massachusetts eHealth Collaborative, didn’t find the stolen laptop, and the incident cost his nonprofit $288,000 — not to mention 600 hours dealing with the fallout and the intangible cost of repairing the reputational damage that followed.
In many ways, it got off easy. In October, a desktop computer containing unencrypted records on more than 4 million patients was stolen from Sutter Health, a nonprofit health system based in Sacramento. A rock was thrown through a window to gain access to the computer. The theft is now the subject of two class-action suits, each of which seeks $1,000 for each patient record breached.
The stolen computer did not contain patient financial records, Social Security numbers, health plan identification numbers or actual medical records, Sutter said.
Many major breaches
Since federal health care data-breach notification rules took effect in 2009, Health and Human Services records show that the Sutter theft was exceeded only when the U.S. military’s health insurance program lost backup tapes in September containing information on more than 4.9 million patients.
C3
leaky records
Health care industry’s conversion to digital has led to flood of patient data being compromised or stolen
By NICOLE PERLROTH NYT NEWS SERVICE
12:01 a.m., Jan. 25, 2012
Also of interest
32%
Rise in the number of reported breaches in 2011 from the year before. They cost the health care industry an estimated $6.5 billion in 2010.
One afternoon last spring, Micky Tripathi received a panicked call from an employee. Someone had broken into his car and stolen his briefcase and company laptop along with it.
So began a nightmare that cost his small nonprofit health consultancy nearly $300,000 in legal, private investigation, credit monitoring and media consultancy fees.
Tripathi’s nonprofit, the Massachusetts eHealth Collaborative in Waltham, Mass., works with doctors and hospitals to help digitize their patient records. His employee’s stolen laptop contained unencrypted records for 13,687 patients — each record containing some combination of a patient’s name, Social Security number, birth date, contact information and insurance information — an identity theft gold mine.
His experience, which proved costly, was hardly uncommon. Large-scale medical data breaches have been on the rise in recent years.
As part of the 2009 stimulus bill, the federal government provides incentive payments to doctors and hospitals to adopt electronic health records.
Nearly 40 percent of U.S. primary-care doctors and about 25 percent of hospitals now use electronic patient records.
An unintended consequence is that as patient records have been digitized, health data breaches have surged as hospitals adopt electronic medical records and mobile technology without spending enough on security to ensure patient privacy.
The number of reported breaches was up 32 percent in 2011 from the year before, according to the Ponemon Institute, a Michigan-based information-security research group.
Those breaches cost the industry an estimated $6.5 billion in 2010. In 49 percent of the cases, lost or stolen phones or personal computers were responsible.
Fifty-three percent of the organizations surveyed by the group said that inadequate funding was the biggest barrier to preventing data breaches.
Fallout can be severe
When mistakes occur, the fallout can be more severe than the typical breach of email addresses or credit card numbers.
In the wrong hands, health records also can be used for blackmail and public humiliation. The information can also be used by insurance companies to inflate rates, or by employers to deny job applicants.
Tripathi, of Massachusetts eHealth Collaborative, didn’t find the stolen laptop, and the incident cost his nonprofit $288,000 — not to mention 600 hours dealing with the fallout and the intangible cost of repairing the reputational damage that followed.
In many ways, it got off easy. In October, a desktop computer containing unencrypted records on more than 4 million patients was stolen from Sutter Health, a nonprofit health system based in Sacramento. A rock was thrown through a window to gain access to the computer. The theft is now the subject of two class-action suits, each of which seeks $1,000 for each patient record breached.
The stolen computer did not contain patient financial records, Social Security numbers, health plan identification numbers or actual medical records, Sutter said.
Many major breaches
Since federal health care data-breach notification rules took effect in 2009, Health and Human Services records show that the Sutter theft was exceeded only when the U.S. military’s health insurance program lost backup tapes in September containing information on more than 4.9 million patients.
Posts
No comments:
Post a Comment