2014 Likely to See Surge in HIPAA Data Breaches
A new report released by the Experian credit bureau predicts that 2014 is likely to be a major year for data breaches, with a surge in numbers expected over the course of the year. The report also predicts the healthcare industry will be hit hard. The report says that the reason healthcare is so susceptible to attack is the sheer size of the industry. There is what the report calls an “expanded attack surface for breaches,” due to new EHRs and Health Insurance Exchanges (HIEs), while the value and volume of data held hakes healthcare providers attractive targets for cyber criminals. Experian offers credit monitoring services, but also assists customers to recover from data breaches. The company indicated that 46% of data breaches that it dealt with last year were from the healthcare industry. The report cites a number of reasons why data breaches are expected to rise, and indicates it is mainly due to the huge organizational infrastructure changes that are required under the Affordable Care Act, HIPAA, HITECH and other legislation together with general unpreparedness, a huge number...
Horizon Blue Cross Blue Shield Announces 840K HIPAA Breach
The theft of two laptops from the Newark headquarters of New Jersey’s largest health insurer – Horizon Blue Cross Blue Shield – has potentially resulted in the health data of almost 840,000 individuals being exposed. The two devices were stolen from its offices on the eighth floor of 3 Penn Plaza at some point over the weekend of 1-3 Nov, 2013. The theft was discovered on Monday Nov 4, when employees returned to work and the theft was immediately reported to the police. In accordance with the Health Insurance Portability and Accountability Act, Blue Cross Blue Shield had implemented physical controls to secure the two Apple MacBook Pros, which were locked with security cables to employee’s workstations. The cable locks were reported to have been tampered with and had been damaged allowing the laptops to be stolen. HIPAA also demands healthcare providers implement the appropriate technical safeguards to keep health data secure. While the devices were protected by passwords, they contained unencrypted Protected Health Information which breaches HIPAA Privacy and Security...
University of Washington Medicine Notifies 90K Patients of Potential HIPAA Breach
An October security breach potentially exposed personal information and Social Security numbers of 90,000 patients of the University of Washington Medicine (UW Medicine) according to a recent breach announcement issued by the healthcare provider. The breach was caused when a malware infection took control of an employee’s computer after an infected E-mail attachment was opened. While the incident is not believed to be a targeted attack, the malware potentially could have accessed Protected Health Data and personal identifiers stored on the computer and given hackers access to that data. Affected individuals had previously received medical services at UW Medicine’s Harbourview Medical Center and/or its Washington Medical Center. The data compromised includes patient names, addresses and phone numbers as well as dates of birth and social security numbers. Clinical data was also stored on the computer and details of treatments received could also potentially have been accessed. The breach was identified promptly and the malware was only active for a day, and given the fact that this...
Employee Snooping is the Most Common Cause of HIPAA Security Breaches
The theft of mobile devices may result in the largest exposures of Protected Health Information; however the most common cause of HIPAA security breaches is small scale snooping by employees, according to a study conducted by Veriphyr Identity and Access Intelligence. The study asked healthcare providers about the security breaches their organizations had suffered, with 70% of the survey respondents claiming to have experienced at least one security breach. 35% of those respondents attributed the breaches to unauthorized access by employees. Snooping was the largest single cause of exposure of patient health information according to the survey with 27% of having experienced a breach when an employee viewed medical records of friends and family, while 35% occurred when employees checked the medical records of their work colleagues. The survey was conducted on medium to large healthcare organizations; however there is no reason to suggest that small healthcare organizations do not suffer data breaches of a similar nature. Employee Snooping is a HIPAA Violation Unauthorized accessing...
Data Issue Arises From Home Diabetes Test
On 26th September, Lori Stein visited Cotton-O’Neil Diabetes and Endocrinology Center in Topeka and met with an endocrinologist for a checkup. Lori Stein´s checkup was routine to monitor her diabetes, but during her consultation she asked if she could have a home test glucometer. A nurse brought her a sample glucometer and some test strips and handed her two boxes. When she returned home she noticed a slip of paper between the boxes and started to read it thinking it was a print out of her consultation. The page contained data on her health conditions and listed her as suffering from severe obesity, which was incorrect. She also noticed other diagnoses and treatments which she had not had and when she read the page more closely she noticed the patient details written at the top of the page were not her own and that she had been given the page by mistake. The data printed at the top of the page included the patients name, address, medical diagnoses, treatment details and general information such as age, height, weight and allergies suffered. Since Lori had previously been a...



