News Feature | September 23, 2014

Healthcare Breaches Vary Wildly In Cause

By Megan Williams, contributing writer


Breaches come in all shapes and sizes, as do ways to prevent them.

Health data breaches have become almost commonplace, likely because health systems are generally easy targets that hold much more valuable information than systems in other industries. For all their ubiquity, though, it’s a mistake to believe this industry’s breaches don’t vary wildly in cause, target, and implication.

Heartbleed Did It

Heartbleed (and its ugly evolution into Cupid) is blamed for the loss of 5.4 million patients’ data from Community Health Systems last year – a breach that could cost the system between $75 and $150 million according to Forbes. The system is now in the process of sending letters to patients, offering free credit monitoring.

Change Your Passwords

Just this month, Healthcare.gov noticed a breach that occurred on August 25th. A spokesperson for the site maintains that no personal information was accessed, and that only test servers were affected, but the details around the breach are still troubling. The default password on the server had never been changed, the server itself was not subject to security scans, and the test servers were connected to the Internet. The attack apparently did not target Healthcare.gov specifically; instead, the server was a victim of a larger DDoS attack that resulted in malware being downloaded onto it.

You’ve Got Mail (Or Not)

Again in August, Jersey City Medical Center patients received the unsettling news that the hospital had lost a CD containing unencrypted, sensitive PHI. The breach shed light on a state healthcare system that has left patient information jeopardized in significant ways since 2009 – a record 850,000 patients compromised in 2013, 14 breaches involving 17 different facilities and almost a million patients, and Horizon Blue Cross Blue Shield losing two unencrypted laptops to theft from its Newark headquarters.

Tackling Breaches

While all breaches differ in their own way, they do follow some very specific and predictable patterns. iHealth Beat reports types of breaches include:

  • medical record theft, which has affected 17.4 million individuals
  • data loss, which has affected 7.2 million individuals
  • hacking, which has affected 3.6 million individuals
  • unauthorized access accounts, which has affected 1.9 million individuals

These patterns can be met and countered with a bit of proactive effort on your part, including actions like:

  • following basic security protocols and manufacturer recommendations for hardware and software
  • hiring security-focused staff
  • keeping security processes fresh and in line with current threats
  • keeping security software up to date
  • meeting with boards and internal leadership consistently

Going Deeper
Interested in learning more? Sign up for our webinar, The Anatomy Of A Health Data Breach. The 60-minute presentation, sponsored by ClearDATA, will take place on October 8, 2014 and will examine the root causes behind data breaches, as well as provide tips and advice on how to improve breach defenses.