While we feel that our original project proposal covered our project adequately, we have decided to begin investigating breaches and associated consequences. Below are a few sources we have looked into and we will continue to further our research and gather information for a recommendation as the weeks progress.
Data Encryption in Healthcare
This article briefly explains the concern healthcare IT professionals have regarding hacking but points out that many still do not encrypt data. One of the surveys discussed in the article states that over 80% of those surveyed have made cybersecurity a higher priority in 2016. However, data also shows that 41% still do not encrypt data in transit and 36% fail to encrypt data in storage. When it comes to cybersecurity, encryption of data should be a ‘no-brainer’ and a standard practice at all times. By not encrypting data, these organizations are not safeguarding patient information and are an easy target for medical identity theft. In one episode of the hit cybersecurity drama-thriller Mr. Robot, the protagonist points out the inadequate state of a hospital’s security systems. Sadly, there is some real-life truth to this point. 55% of survey respondents noted the lack of financial resources and 59% noted a struggle to find “appropriate cybersecurity personnel” as a barrier to their ability to mitigate their cybersecurity risks.
How Healthcare Records are Being Exposed
This article provides a breakdown of all major security breaches that have been listed on the OCR Breach Portal by midyear 2016. The sheer number of breaches and potentially leaked files by only midyear shows just how widespread the cybersecurity problem in the healthcare industry really is. Data follows.
- 48 data breaches were reported as unauthorized access
- 43 data breaches were attributed to hacking or network server incidents
- 37 breaches were caused by the loss or theft of devices used to store ePHI or the loss/theft of physical records
- 4 breaches were due to the improper disposal of records
In terms of the records that were stolen or exposed:
- 60% were due to hacking (2,703,961 records)
- 78% were due to loss/theft (1,342,125 records)
- 6% were the result of unauthorized access or disclosure (342,748 records)
- 63% were the result of improper disposal (118,594 records)
HIPAA Settlement
This article describes the extreme costs that can be associated with a HIPAA breach or violation. Triple-S Management Corp was fined $3.5 million after it had repeatedly left beneficiary PHI vulnerable. The company failed to maintain appropriate safeguards, failed to implement security measures, and failed to perform risk analysis in order to comply with HIPAA.
Keystroke Logger Breach
Computers in a Kentucky hospital had been infected with a keystroke logger that might have been capturing patient information since 2012. Although there is no evidence that the information was used inappropriately, the hospital still conducted extensive research to resolve the issue. As a consolation to any patients that might have been affected, the hospital offered a year of identity protection services.
BCBS Cyber Attack
This cyber attack led to the capture of 10.5 million individuals' Social Security numbers and other PHI, making it the third largest HIPAA breach ever. The insurance company offers its customers two years of identity protection. The CEO explained that the large number of systems within the company makes it difficult to maintain security.
Good research. I posted some links on your first proposal that will help to provide data on security breaches and privacy. The Ponemon Institute covers healthcare. Here is the library link with the search on "healthcare".