Reported PHI Data Breaches in 2012 is Staggering
June 5, 2012
As the movement to digitize the U.S. health care system continues to build strong momentum, it is imperative that physician practices and medical organizations include data security as part of their health IT strategy.
What the data will show is that there is more to PHI data security than just hardware and security infrastructure.
Here are some brief highlights of the five largest reported PHI data breaches so far in 2012:
1. Utah – A state agency had a server hacked affecting 780,000 patients. Cause of the Data Breech: Weak password.
2. Georgia – A private health care organization lost control of 10 back up disks containing PHI data for more than 315,000 patients. Cause of the Data Breech: Misplaced back up disks.
3. South Carolina – A state agency experienced an unauthorized, unsecured release of complied PHI data on more than 228,000 patients. Cause of the Data Breech: Employee compiled PHI data on patients and sent the information to a private email account.
4. Washington D.C. – A university hospital had PHI data of approximately 34,503 patients at risk due to the theft of a laptop computer. Cause of the Data Breech: The laptop was stolen from a contractor’s vehicle and the PHI data stored on the computer was not encrypted.
5. California – A hospital health care system experienced a possible security breech when approximately 31,800 patients medical data was vulnerable and could been accessed through internet search engines. Cause of the Data Breech: The organizations security settings were incorrect.
In conclusion, these highlights tell a compelling story – No two data security breeches are the same. Security within the healthcare industry is changing and PHI data breaches are a significant issue. At risk are not just a patient’s privacy and personal information, but also the reputation and financial well being of the medical organization. Health care Administrators have a clear choice – Either maintain internal staffing levels to effectively mitigate the risk of PHI data breaches or hire an outside health IT vendor that can help develop and manage their security policies and procedures.
For more detailed information on reported PHI data breeches so far in 2012, click here.