Providers of healthcare often have access to more than the credit card information of their patients. Social security numbers, addresses, and sensitive medical data are all stored by healthcare providers. Inefficient or ineffective protective measures can be devastating to patients.
Data breaches and the related theft of sensitive information caused a furor among consumers, as coverage in the media and on social media outlets demonstrated. This is particularly the case when these security fiascos happened to companies such as Ashley Madison, the dating site for those who are married but who want to have an affair, as well as retailers like Target, eBay and credit card companies like Citibank. However, as the data breach that struck health care giant Anthem in 2015 demonstrated, even personal health information is not safe from unsavory hackers.
A Data Breach of a Different Sort
Outsiders who target organizations for their pools of millions of credit card numbers, Social Security numbers and other personal data are not the only threat that organizations need to guard against, as Denton Heart Group discovered in early January of this year. The Texas-based healthcare provider, which is a member of the HealthTexas Provider Network, indicated that nearly 22,000 individuals were impacted by its security breach.
So what made the breach experienced by Denton Heart Group different than those that befell the other companies noted previously? This healthcare provider’s breach was the result of the theft of a hard drive that contained seven years of electronic health record (EHR) data. The device — which contained data that was unencrypted — was stored in a locked room.
Ramifications of the Data Theft
According to information submitted to the Department of Health and Human Services’ Office for Civil Rights, the medical group discovered the theft of the hard drive on January 11, 2017. However, records indicate that the theft is believed to have occurred as early as December 29, 2016. A wealth of extremely personal information was included on the stolen device, including patient names, addresses, Social Security numbers, dates of birth and driver’s license numbers. Other personal information stored on this unencrypted device included insurance provider names and policy numbers, physicians’ names, medications, lab test results, medical diagnoses and other vital clinical data. The backups stored on the hard drive were dated between 2009 and 2016.
Encryption is Vital for Patient Information Security
This breach experienced by Denton Heart Group underscores the importance of encrypting data in the healthcare industry. Surprisingly, given the technological advances made within the industry itself, healthcare organizations lag behind other sectors in the field of data encryption.
Studies Highlight the Gaping Voids in Data Protection
Recent studies illuminate the gap that exists between the healthcare industry and others. For example, a HyTrust study found that a quarter of healthcare organizations are storing data in the cloud, but they are not encrypting that information. Even more alarming is the 2017 Thales Data Threat Report for the Healthcare Industry. It noted that only 65 percent of those who do use cloud services also encrypt their data.
Figures from the Office for Civil Rights (OCR) indicate that more than 1.25 million healthcare records have been stolen or exposed since January 1, 2014. In spite of security budgets that have been increasing within the industry, the adoption of data encryption is still not receiving the attention that is needed to keep patient information safe. The statistics noted by various studies support the fact that healthcare organizations that don’t encrypt their patient health information are setting themselves, and their patients, up for vulnerability.
We at Unity IT know how important it is to deliver security to the healthcare industry. Our nimble medical IT services provide the protection your patients expect from you. Contact us via firstname.lastname@example.org or call us at (559) 297-1007 and learn how we can make your company’s data secure.