Jeff Cutler's Keys to Security

Aug 19 2014   3:37PM GMT

Healthy Respect for Security – Medical Data Breaches

Jeff Cutler Jeff Cutler Profile: Jeff Cutler

Stolen data

One of the hats I wore before jumping into my role as freelance writer was as an employee of a rehabilitation facility. This rehab – for physical injuries and ailments – was a small player in the huge sea of hospitals and provider companies. To that end, their systems were hardly interconnected, networked or even digitized. Patient records were stored in a room across from my office and they were walked around the building by doctors, rehab clinicians and even non-medical personnel.

Screen Shot 2014-08-19 at 11.36.46 AM

While it wasn’t a secure process as any one of the people holding a file could dash away with it, the danger was far less than it is today. Now, our records – both financial and health-specific – are online and accessible to anyone who has a key. And the number of people with keys is growing.

Take the latest breach of patient information at Community Health Systems. The incident affects data for 4.5Million patients. Read more details here in the Tennessean. The company is concerned for its data and reputation, and also for the industry as healthcare incidents are growing.

From the article…

While the attack certainly generates negative publicity for the company, CHS says it has insurance for this type of problem. “While this matter may result in remediation expenses, regulatory inquiries, litigation and other liabilities,” the SEC report said, “at this time, the Company does not believe this incident will have a material adverse effect on its business or financial results.”

The breach is a relatively large one for the health care industry, according to BitSight’s Turner, who added that CHS seems to be communicating about it appropriately.

Criminal attacks on health care companies have become common, according to a March 2014 report by data security research firm the Ponemon Institute, which said those types of hacks have risen 100 percent since the company completed the first study in 2010. Furthermore, the study said, about 90 percent of the facilities surveyed had experienced at least one data breach within the past year.

In this case, the hack came from China and short of keeping systems sandboxed or upping the security protocols, there’s not a lot CHS could have done. Though in my mind, they should have done both. How widely available do medical records and financial pieces of medical records need to be? Who should have access at any one time to this stuff? And why?

Screen Shot 2014-08-19 at 11.32.22 AM

Yes, if a person is injured and can’t provide information to healthcare professionals in an emergency, it’s vital to have that information accessible. But isn’t it time we found a way to protect the huge packages of info that travel along with each of us. You might need to know what I’m allergic to, but you don’t need to know I paid my co-pays with my Discover Card? And you certainly don’t need to know other financial information to provide life-saving care.

I’m wondering where so many healthcare (and other) companies have stored their common sense. It surely wasn’t with their medical records or else we’d be seeing lots more of it.


 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: