Healthcare - Chuck Easttom

DATA BREACHES IN
HEALTHCARE
BY CHUCK EASTTOM
WWW.CHUCKEASTTOM.COM
CHUCK@CHUCKEASTTOM.COM
ABOUT THE SPEAKER
• 18 books (#19 in progress)
• 29 industry certifications
• 2 Masters degrees (#3 in progress)
• 5 Computer patents
• Over 20 years experience, over 15 years
teaching/training
• Worked on EMR/EHR and medical billing software
• Frequent consultant/expert witness
www.chuckeasttom.com
chuck@chuckeasttom.com
GENERAL FACTS
• As required by section 13402(e)(4) of the HITECH Act, the Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals.
• Since federal reporting requirements took effect, the U.S. Department of Health and Human Services' database of major breach reports lists 944 incidents affecting personal information from about 30.1 million people.
• Smaller breaches are also at issue. In 2012, there were 21,194 reports of smaller breaches affecting 165,135 patients.
• Health care data has seemingly become increasingly targeted. According to some sources, it accounts for 43 percent of major data breaches reported in 2013.
• In April 2014, the FBI warned healthcare providers that many of their cybersecurity systems are lagging behind systems used in other industries, making the healthcare industry more vulnerable to cyber attacks.
LARGE BREACHES
• Breaches involving 500,000 records or more are
uncommon, but not unheard of.
• In 2014, Chinese hackers stole information regarding 4.5 million patient records. The attack was on Community Health Systems and reportedly included patient Social Security numbers.
STATISTICS AS OF NOVEMBER 2014
• More than 146 of the 1,135 major HITECH breaches reported as of Oct. 17 were ongoing rather than one-time events, with durations ranging from one day to 2,891 days.
SMALLER DATA BREACHES
• Laptops Stolen from New York Podiatrist's Office Contained 6,475 Patients' Information. Poughkeepsie, N.Y.-based Sims and Associates Podiatry notified patients of a data breach that occurred when its office was burglarized and three laptops containing patients' personal and health information were stolen.
• Laptop Containing Patient Information Stolen From Coordinated Health. Bethlehem, Pa.-based Coordinated Health notified patients of a data breach that occurred when a laptop containing patient information was stolen from an employee's vehicle.
• The Kaiser Permanente Northern California Division of Research in Oakland, Calif., notified patients their personal and health information was compromised when its research server was infiltrated by malware.
• Decatur, Ala.-based PracMan, a billing company utilized by many Alabama physicians, announced a subcontractor caused a data breach that exposed the personal and health information of 3,100 patients.
TOP THREATS
• Physical theft
• Insider misuse
• Accidental disclosure/unintentional actions
SPECIFIC ISSUES/THREATS
The following have been reported as part of known
breaches:
• Employees and contractors leaving media containing ePHI in vehicles which were broken into.
• Physical burglary of servers with data.
• USB devices with PHI left unsecured.
MAJOR SECURITY ISSUES
This list is compiled from several sources:
• EHRs are still new to many health care providers, so they lack experience securing electronic patient data.
• Lack of detection controls -- health care providers may have adequate perimeter security but not intrusion detection and forensics.
• Other financial priorities/budgetary issues.
• Insufficient information sharing.
• Lack of a ‘security attitude’.
SOME GOOD NEWS
• More attention to this issue
• As evidenced by this symposium
• The IEEE is giving more attention to medical devices and their
security
• More training available for staff
• Better technology is available