Stupid is as stupid does


Companies spend a lot of time and money to protect their data from hackers and other malfeasants – and for good reason. But when it comes to the causes of data breaches in health care, don't forget human goof-ups. According to recent findings from a Ponemon Institute patient privacy and data security study, human mistakes account for nearly half of breaches involving protected health information (PHI).

If only there were a firewall to block out stupidity and carelessness. Human frailty is as prevalent a cause as malicious intent, or even more so. Here are just a few real-life data breach samples: 

Rummage bargains: Garage sales are great places for a deal. One customer purchased a filing cabinet chock-full of personal data, including Social Security numbers and home addresses. Thankfully, this bargain shopper left the contents safely with the owner to destroy. The truth is, many old pieces of furniture may contain data that needs to be destroyed. Could it be yours?

Leaving personally identifiable information (PII) in a car. One organization held an annual drill to assess its preparedness in the face of a breach. Instead of using “test” assets, an employee transported actual data tapes offsite and left them overnight in his car. A thief got details on every payout ever made to people who had sued the company. 

Lost keychain with a memory stick. Flash drives are great portable devices, but they don't belong on key rings – especially if you are a health care employee who transports PHI. The data on that drive is probably more valuable than your Honda.

Private patient records spill from a truck. A shredding truck containing an organization's patient records, with PHI, overturned while driving on a street in small-town USA. Paper records spilled out and flew all over town and into the hands of who-knows-who. 

The irony about these true stories is that, for the most part, organizations try to do the right thing, but they still experience breaches. The it-won't-happen-to-us attitude is just asking for trouble. Highlighting the mistakes may give us a chuckle, but they can also be a learning experience. Our best advice? Plan for the worst, and hope for the best.
