Stupid is as stupid does
Stupid is as stupid does

Companies spend a lot of time and money to protect their data from hackers and other malfeasants – and for good reason. But when it comes to the causes of data breaches in health care, don't forget human goof-ups. According to recent findings from a Ponemon Institute patient privacy and data security study, human mistakes account for nearly half of breaches involving protected health information (PHI).

If only there were a firewall to block out stupidity and carelessness. Human frailty is as prevalent a cause as malicious intent, or even more so. Here are just a few real-life data breach samples: 

Rummage bargains: Garage sales are great places for a deal. One customer purchased a filing cabinet chock-full of personal data, including Social Security numbers and home addresses. Thankfully, this bargain shopper left the contents safely with the owner to destroy.  The truth is, many old pieces of furniture may contain data that needs to be destroyed. Could it be yours?

Leaving personally identifiable information (PII) in a car. One organization held an annual drill to assess its preparedness in the face of a breach. Instead of using “test” assets, an employee transported actual data tapes offsite and left them overnight in his car. A thief got details on every payout ever made to people who had sued the company. 

Lost keychain with a memory stick. Flash drives are great portable devices, but they don't belong on key rings – especially if you are a health care employee who transports PHI. The data on that drive is probably more valuable than your Honda.

Private patient records spill from a truck. A shredding truck containing an organization's patient records, with PHI, overturned while driving on a street in small-town USA. Paper records spilled out and flew all over town and into the hands of who-knows-who. 

The irony about these true stories is that, for the most part, organizations try to do the right thing, butthey still experience breaches. The it-won't-happen-to-us attitude is just asking for trouble. Highlighting the mistakes may give us a chuckle, but they can also be a learning experience. Our best advice? Plan for the worst, and hope for the best.