3 Reasons Your Medical Records Are at Risk

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.foxbusiness.com/personal-finance/2014/02/17/3-reasons-your-medical-records-are-at-risk/

When hospitals find themselves in the middle of a breach, they usually
prioritize improving their security to prevent further security breach
incidents.

In addition to defending themselves against data breaches, health systems
also need to find the right balance to adequately protect their patients'
privacy.

Since medical information is stored digitally, patients may not be fully
aware how crucial it is to protect their data from being seen by
unauthorized persons. Some privacy breaches may be avoidable, and learning
from these mistakes is essential for health systems to maintain security of
sensitive patient information. Here are three reasons why patient security
may be lacking at health organizations.

Privacy Is on the Back Burner

When health IT systems are built, ensuring patient privacy is usually not
on the forefront of designers' and engineers' minds. These IT experts
usually put system functions ahead of privacy, which could result in poor
privacy protection down the road. Some developers may also leave out
privacy features altogether, which could put patient information at risk
for being compromised.

Human Error

In a recent report, psychiatric facilities in Texas suffered a string of
data breaches, but the majority of them were caused by human error,The
Republic reported.

Deborah Peel, the Austin founder of watchdog group Patient Privacy Rights,
said repeated data breach incidents could lead patients to question whether
their information is secure, which could cultivate distrust among patients.
"Our patients deserve privacy and expect that their information is kept
confidential," said Christine Mann, spokeswoman for the Texas Department of
State Health Services.

Organizations Don't Prepare for Insider Breaches

While health systems may report cyberattacks, they are also susceptible to
data breaches caused by employees.

One of the data breaches reported in Texas' Big Spring State Hospital in
the past six months was the result of an insider data breach. A former
nursing assistant stole the information of about 50 patients, including
their names and other medical information.

"I feel like I can't trust the hospital anymore, not with anything
personal," said James Boucher, one of Big Spring's patients impacted by the
breach. "I don't even know where the records have been."

If you're worried that your medical records may be exposed and lead to
identity theft, you can monitor your credit for free using the Credit
Report Card, which updates two of your credit scores monthly. Any sudden,
unexpected change in your credit scores could signal possible identity
theft and you should consider pulling your credit reports to make sure your
information is safe (you can do this for free once a year at each of the
major credit bureaus).

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!