Healthcare Data Breach Report: June 2015
This month’s healthcare data breach report looks a lot healthier than May; a particularly bad month for data breaches, with over 1.1 million records exposed in 18 security incidents. June could be considered a relatively good month for the healthcare industry in terms of records exposed, although more security incidents were reported in June than May, and numbers have not changed much year on year. 21 breaches were reported in June compared to 23 last year. In total, 159,231 records were reported as being exposed during the month. In June 2014 the figure stood at 252,873, and in June 2013, only 46,713 records were compromised. Quarterly Figures Show Little Has Changed Since 2014 Data breach figures for the second quarter of 2015 differ only by one incident from this time last year. Data breaches continue to be experienced at the same rate, in spite of improved protections being put in place by healthcare providers. It would appear it is only possible to maintain pace with malicious insiders and outsiders. Figures for the quarter indicate 750,000 more data breach...
PHI Falls from Sky at Soccer Parade
The U.S. Women’s World Cup Soccer champions toured NYC celebrating their historic win, and were treated to a shower of confetti, some of which appeared to be made from medical prescription records. One local resident noticed the confetti contained writing and upon closer inspection, realized it was Protected Health Information. The confetti was photographed and uploaded to twitter, with the story being picked up by 12WMAZ. According to the finder, the data included the patient’s name, treating physician and the address of the location where the prescription was provided; information covered by the Health Insurance Portability and Accountability Act. HIPAA requires all holders of PHI to follow strict rules governing the disposal of PHI. All data must be destroyed and rendered unreadable and undecipherable before disposal. Each year confetti is purchased for the Thanksgiving Day parade, with the official contract given to Atlas Packaging Company this year. An order was placed for confetti made from strip-cut, blank news roll. Two tons of confetti was ordered, delivered and...
Study Highlights Importance of Conducting Regular Malware Scans
Concentrating resources on improving protections for computer networks will make it harder for hackers to gain access to protected data; however, according to a report from Vectra Networks, there is a high probability hackers are already inside. In a recent security test, all computer networks analyzed showed some evidence of a targeted intrusion having already taken place. Vectra analyzed the computer networks and end point devices of 40 enterprises, and each network was found to include some indicators of a targeted attack, regardless of the size of the network. Over a quarter of a million devices were analyzed by the network security company as part of the study. Stages of a Malware Attack Infection The first stage involves infection of a PC or other device, using a targeted attack such as a spear phishing campaign, or a more random means of spreading the malware: Infecting websites for example. Once code has been downloaded onto a target machine, hackers can start to make changes to the system. Command and Control The first phase of the attack proper occurs when a foothold in a...
2015 Most Wired Benchmarking Survey Reveals Data Security is Main Focus for Hospitals
Each year the American Hospital Association (AHA) assesses the state of health IT by conducting a survey of U.S hospitals. This week the results of the 17th Annual Healthcare’s ‘Most Wired’ Survey were published. The survey data show hospitals are serious about data security, with theft prevention and breach detection at the top of many hospitals’ priority lists for the year. After analysis of the responses, the “Most Wired” hospitals, those that had reached the required standard of health IT planning and implementation, were crowned winners. 338 hospitals qualified for consideration, with the results of the vote announced and published in the July issue of Hospitals & Health Networks magazine. Healthcare’s ‘Most Wired’ Survey The benchmarking survey measures the pace of information technology adoption in the healthcare industry, and examines how IT is being leveraged to improve quality and safety, business and administrative management processes as well as clinical integration and interoperability. The VMware-sponsored survey was conducted in partnership with...
HIPAA-Altering Cures Bill Passed by House of Representatives
The controversial 21st Century Cures Bill was unanimously passed by the House Energy and Commerce Committee in May, and on Friday July 10, 2015, the U.S House of Representatives passed the Bill with a count of 344 to 77. 21st Century Cures Bill to Remove Obstacles in the Way of Medical Research Medical research and innovation is being hampered by HIPAA, according to proponents of the 21st Century Cures Bill. The new Act aims to remove these and other barriers, to help advance America’s search for new ways to tackle the advance of superbugs, antibiotic-resistant bacteria and the deadly viruses now threatening the health of U.S citizens. The Cures Bill has received some criticism in its short history. Privacy advocates object to the wide range of data that can potentially be shared; information currently under the protection of HIPAA. It is feared that the bill could weaken HIPAA protections if it becomes law. If that happens, HIPAA Rules would certainly need to be changed. HIPAA Changes Necessary as a Result of the Cures Bill At present, the HIPAA Privacy Rule restricts the use and...



