Digital records kept by medical providers contain highly sensitive data, such as test results, diagnoses, and financial information. And chances are very good that somewhere there is medical data server holding information about you. So, it’s easy to see why the all-too-frequent security breaches in hospitals and doctors offices are quite disturbing.
There have been several instances reported in the last quarter of 2011. Back in October, a desktop computer was stolen from Sutter Medical Foundation’s office in Sacramento, California. According to the Privacy Rights Clearinghouse, 4.2 million patients have potentially had data exposed.
Not surprisingly, lawsuits are already being filed against Sutter, claiming it failed to notify patients of the breach in a timely manner, and that it failed to adequately protect its computer equipment.
Also this fall, Emory Healthcare in Atlanta revealed a much different kind of data breach: One of its former employees allegedly printed off copies of patients’ hospital bills and passed them off to a crime ring, which then allegedly used the data – including Social Security numbers and dates of birth – to file fraudulent tax returns in the patients’ names. The Atlanta Journal Constitution reports that Emory mailed thousands of its patients a notification letter.
According to an article in the Sun Herald newspaper just last week, the University of Mississippi Medical Center fell victim to records theft when a laptop assigned to a faculty member was not secured properly and was subsequently stolen. The data pertained to medical studies the university was conducting, and some records contained potentially sensitive information.
These three instances illustrate how easily customer and patient data can fall into the wrong hands. If that data is lost or compromised, the cost to try to repair the damage can run into the thousands of dollars per record!
In spite of the steady stream of news reports about cyber hacking in the popular media, the vast majority of US businesses are still not covered by a cyber liability policy. That’s a shame, because the costs associated with just one data breach incident could literally put many of these companies out of business.