We would like to think that our confidential medical records are safe and sound under digital lock and key; however this is not always true.
The security of patient data depends on the diligence of health care groups and the cyber-security measures they put in place. Basic oversights and mistakes can lead to private and confidential patient medical data being made accessible in the public domain, as occured for 7,000 patients in a diagnostic clinical laboratory in Huntsville, Al in 2011.
The business, Diatherix Laboratories, was forced to alert its 7,016 patients that a HIPAA breach led to their data being made available in the public domain for a duration of three years, and during that time outsiders had viewed that information. The breach happened because the patient data was saved on a third party server and which had not been safeguarded The breach occurred in September of 2011, yet the issue was not discovered until July 2014.
This is far from a once-off incident. A Temple University doctor’s office recently revealed that a laptop theft from the premises with data of 3,780 patients saved on its hard drive. A medical center in Utah was hit by thieves who managed to obtain the medical records of 31,677 patients. Memory sticks storing confidential data are lost or stolen, as was recently revealed by Duke University Health System although the volume of lost data was unknown.
In 2010, Columbia University Medical Center and New York-Presbyterian Hospital were hit by cyber security attacks involving the theft of almost 6,800 patient records.
The issue is growing as an increasing number of cybercriminals aim for health care organizations to garner the financial rewards from selling patient data. According to the Department of Health and Human Services (HHS), large scale data breaches impacting more than 500 individuals have now affected some 39 million individuals.
The breaches in security and theft of data are not an issue solely impacting the healthcare sector; any personal identifiable information can be used to obtain false identities. Target and Home Depot have recently experienced cyber attacks and customer data theft.
Electronic records are saved when prescriptions are fulfilled, goods bought and services provided. Insurance claims, medical appointments, optician appointments and dental visits are all recorded and records are stored digitally. Federal HIPAA law means that the government can place stringent controls on how data is stored and by complying with these standards; medical institutions and companies can ensure that data is kept safe. Sadly, even these measures can be insufficient with the volume of targeted attacks now happening.