Medical data breaches on the rise

Share this article:
Despite privacy regulations, data breaches are not only becoming more common within the medical community, hospitals and medical centers are slow to report the breaches to patients.

During the month of May, for example, patients at Staten Island University Hospital in New York were told that a computer with their medical records was stolen four months earlier, while information on patients of the University of California San Francisco (UCSF) Medical Center was accessible on the internet. The affected patients were told six months after it was discovered.

One reason medical data breaches are increasing is because more hospitals are integrating electronic records, said Pam Dixon, executive director of the World Privacy Forum.

“Until recently, we were in an era of privacy through obscurity,” Dixon told on Wednesday.

With everything in paper form, it was possible to get information on a patient, but was not easily shared.

The bottom line: What once only a handful of people had access to is now accessible by any number of medical personnel, and not just within the hospital
, said Todd Chambers, chief marketing officer at Courion, a provisioning and access compliance solutions provider.

“Medical information is sent out to lab firms, or patient data needs to be shared with a specialist not part of the hospital system,” Chambers said. “There is a need for more data control in these non-employee relationships.”

In the UCSF situation, the breach highlighted an otherwise little known practice of sharing patient information for fund-raising purposes. Historically, hospitals have always approached “grateful” patients for fund-raising, said Arthur Caplan, a medical and bioethics professor at the University of Pennsylvania in Philadelphia.

“What has changed is better databases with more economic data on patients, families, their businesses, their gift history, etc.,” he said. “More powerful databases represent far greater intrusions into personal privacy.”

Dixon added that the information released by UCSF included department head information, so it was possible to learn about the patient's specific medical condition.

To better protect patient records, Omar Hussain, president and CEO of Imprivata, provider of access management solutions, recommended stronger password systems, as well as stronger enforcement.

When it comes to the discussions between health care and security issues, he added, patient care always comes first. Tighter security over patient records can get in the way of offering swift medical care, so personnel opt for what is easy and quick over what is most secure.

Patients can best protect themselves in several ways, Dixon said.

“Be proactive,” she said. “If you can, be cautious about the hospital or medical center you are visiting. Monitor it for reports of data breaches and how they were handled.”

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.