Although there are measures than can be taken to prevent data breaches caused by employees and to involve the personnel more into avoiding such occurrences, there are a lot of security mishaps caused by the loss, theft or misplacing of company hardware by staffers. Laptops, hard drives, USB stick and other storage devices are being lost or stolen on a daily basis, exposing the private data of thousands of people to identity theft or fraud, and many of them occur in the health sector. Read more
A recently published study shows that database administrators don’t fully understand security. According to these fresh findings, database administrators and IT decision-makers in general admit to knowing very little about security issues like change control, patch management, auditing etc. This survey was conducted on 214 Sybase administrators belonging to the International Sybase User Group.
“A majority of respondents admit that there are multiple copies of their production data, but many do not have direct control over the security of this information,” the survey report stated. “Only one out of five take proactive measures to mask or shield this data from prying eyes.”
According to the report’s author, Unisphere Research analyst Joe McKendrick, the ISUG survey is the first released of a series of similar database security surveys being conducted across various database user groups, including those running other platforms such as Oracle and SQL Server. Read more
A computer that may contain personally identifiable information of almost 20,000 Reid Hospital patients was stolen from an employee’s home office in early April. According to Craig Kinyon, CEO/President of Reid Hospital, the laptop was only one of the items stolen in a break in, this indicating that data was not the objective of the theft.
The computer in question might have been storing reports on Medicare and Medicaid patients that have received treatment and medical services between 1999 and 2008. The reports contain names and Social Security numbers, as well as Medicare numbers.
No information stored after 2008 was stored on the stolen device. Nor were any financial information, banking information or other identifying information stored on the missing notebook.
Last month’s disappearance of a laptop from an employee’s locked car has determined Speare Memorial Hospital in Plymouth officials to send letters to 6000 of their patients, warning them of a potential threat against their private information.
The computer in question contained hospital account numbers, medical record numbers, names, addresses, and other patient and health information. However, no Social Security numbers or other sensitive information like insurance information or credit card information were stored on it. As the laptop and the employee’s desktop computer were synced, technicians were able to determine what exactly was lost. Read more
Two dentists from Phoenix, Arizona, Brian J. Daniels, D.D.S. and Paul R. Daniels, D.D.S. have recently posted a short notice on their website regarding a privacy breach. This breach involved a portable data device which was stolen on March 2nd and contained protected health information for about 10,000 patients.
The notice, poor in any relevant detail, reads as follows:
HIPAA Breach Information for Patients of Record Certain electronically-stored patient records were stolen on March 2, 2011. If you have any questions please call 602-265-8751
As the website itself seems to be lacking content, and media coverage is quite poor at the moment, more information on this issue will become available when the Department of Health and Human Services publishes it.