Ponemon: 48% of Healthcare Organizations Suffered a PHI Breach in the Past Year
A study recently published by the Ponemon Institute has revealed that almost half of healthcare organizations (48%) have experienced a data breach in the past 12 months that has resulted in the loss or exposure of the protected health information of patients. The survey, conducted on behalf of software security firm ESET, asked 535 IT security professionals questions about cyberattacks on their organizations, the consequences of those data breaches, and cybersecurity concerns. The survey provides an insight into the current state of healthcare cybersecurity, the effect data breaches are having on healthcare organizations, and the seriousness of the current threat level. Cyberattacks on healthcare organizations are now taking place at a rate of one every month. Hackers were able to evade intrusion prevention systems (IPS) at 49% of organizations surveyed, while 37% of respondents said cyberattackers had evaded detection by their antivirus protections and other traditional security measures. A quarter said they were unsure if that was the case. Protections against advanced persistent...
VA Information Security Report for January Released
The Department of Veterans Affairs has released its monthly report to Congress detailing the privacy and security incidents reported in January 2016. 44% more veterans were affected by privacy and security incidents in January 2016 than in December last year. 568 individuals were affected in January, resulting in 271 notification letters being sent. 297 individuals were offered credit protection services to mitigate risk after their personal information was accidentally disclosed. Breaches of protected health information fell slightly month on month. In December, 240 veterans’ PHI was exposed. 236 veterans had their PHI exposed or disclosed last month. The number of lost and stolen device incidents was virtually unchanged with 46 incidents reported in January compared to 47 in December, while the number of mis-mailed incidents fell by 17% with 141 incidents reported this month compared to 169 in December. There was an 18% increase in the number of lost PIV cards with 154 cards reported lost in January, and a 55% increase in the number of mishandled incidents with 121 incidents...
Patients Warned of PHI Exposure After Premier Healthcare Laptop Theft
More than 200,000 patients have been warned that their protected health information has potentially been accessed after an unencrypted laptop computer was stolen from Premier Healthcare in Bloomington, Indiana. The laptop computer was protected with a password and is not believed to have been stolen for the data stored on the device. Those data include the names of patients, Social Security numbers, and “other confidential information,” including demographic data, dates of birth, addresses, financial information, insurance details, medical record numbers, and clinical information. Documents stored on the device included PDF files, spreadsheets, and screenshot images used by the billing department. In total, 205,748 patients have potentially been affected. Passwords offer a degree of security but they can be cracked. There is a possibility that the data stored on the device could potentially be accessed. Consequently, Premier Healthcare has sent breach notification letters to all affected patients. Under HIPAA Rules, covered entities must issue breach notification letters to...
21st Century Oncology Advises 2.2M Patients of Hacking Incident
In October, a hacker gained access to a patient database at 21st Century Oncology containing insurance data and Social Security numbers of patients. The incident is not of the order of the breaches at Anthem, Excellus BCBS, or Primera Blue Cross, but it does rank as one of the largest healthcare data breaches of 2015. On March 4, 2016, a regulatory filing was issued to the United States Securities and Exchange Commission indicating 2.2 million current and former patients were affected and potentially had their data copied and stolen. 21st Century Oncology, which operates 145 cancer treatment centers in the United States, was alerted to the hacking incident on November 13, 2015, by the Federal Bureau of Investigation. An internal investigation into the data breach was immediately launched by 21st Century Oncology; however, the FBI requested that patient notification letters be delayed so as not to interfere with its investigation. The investigation is ongoing, although the requested period of delay has now expired. Patients are now being sent notification letters to advise them of...
Nursing Home Residents’ PHI Accidentally Disclosed by Iowa DHS
Protected health information of 425 nursing home patients has been accidentally mailed to 12 nursing home facilities by the Iowa Department of Human Services. The HIPAA breach occurred in December 2015, although it was not discovered by Iowa DHS until January 22, 2016. Last month, all affected patients were sent a breach notification letter alerting them to the accidental disclosure of their data. According to Iowa DHS, it is unlikely that any patient data have been used inappropriately as they were sent to another HIPAA covered entity. The privacy breach occurred when Iowa DHS’ Medicaid Enterprise Medical Services department sent roster reports to the nursing homes. Those reports contained the names, Medicaid identification numbers, insurance or government program information, and the facility where each patient currently resides. Upon discovery of the breach, Iowa DHS contacted all 12 nursing facilities and instructed them to shred the data they had received. All facilities have now confirmed that the data have been securely destroyed. Medicaid Director Mikki Stier issued a...



