Transforming IT Blog
Join us in the Transforming IT HP Blog where we will discuss reinventing IT to overcome obstacles and take advantage of Instant on Enterprise opportunities.

Are you on the Healthcare Security Wall of Shame?


Did you know that you are seven times more likely to experience a healthcare-related data breach in Alaska than in Maine? Well, neither did I. However, when I started looking a little closer at the HHS Wall of Shame portal, I saw what most everybody else sees: California, Texas, Florida, New York and Illinois have the greatest number of reported data breaches. The most populous states have the most data breaches. Big surprise, right?


Right about now you are saying, "tell me something we do not know." Well, ok, I will. So I will don my medical scrubs, assume the role of Dr. Facts, and triage the data. Well, guess what: the initial diagnosis that the biggest states have the most data breaches is a little misleading. It is true that they have the raw numbers; however, when you normalize the data by the number of hospitals in each state, and then further by the number of beds, the picture of data breaches on a per-capita basis, of sorts, changes dramatically.


After normalization, our previous top five poster-child states for data breaches (California, Texas, Florida, New York and Illinois) drop dramatically lower on the list and are replaced by Alaska, Puerto Rico, Washington DC, Rhode Island and Washington. Now a little truth in data mining: not all data breaches occurred at hospitals, so why use hospitals as a per-capita baseline? The working assumption for this analysis is that hospitals are a reasonable baseline because the number of clinics, pharmacies and doctor's offices scales roughly in proportion to the number of hospitals. A second caveat: the states and territories that rise to the top are also those with the fewest hospitals and beds, so a single reported breach moves Alaska or Rhode Island much further up the normalized list than it would move California.
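To make the normalization step concrete, here is a small Python script, added to this post and not the author's own analysis, that ranks states by raw breach count, by breaches per hospital and by breaches per 1,000 beds, and reports how far each state moves between rankings. Every number in SAMPLE is constructed for illustration and is not the HHS portal, hospital or bed data the post is based on; the state names are real, the figures are not.

```python
"""Normalize raw breach counts by hospitals and by beds, then compare rankings.

Added example for this post, not the author's analysis script.  Every number
in SAMPLE is constructed for illustration and is NOT the HHS breach-portal,
hospital-count or bed-count data the post was based on.
"""
from typing import Dict, List, Tuple

# Constructed sample: state -> (reported breaches, hospitals, staffed beds)
SAMPLE: Dict[str, Tuple[int, int, int]] = {
    "California":   (40, 350, 70000),
    "Texas":        (30, 400, 60000),
    "New York":     (25, 200, 55000),
    "Florida":      (22, 210, 50000),
    "Alaska":       (3,   20,  1500),
    "Rhode Island": (2,   12,  2500),
    "Maine":        (1,   35,  3500),
}


def raw_counts(sample: Dict[str, Tuple[int, int, int]]) -> Dict[str, float]:
    """Breaches as reported, with no normalization."""
    return {state: float(breaches) for state, (breaches, _, _) in sample.items()}


def per_hospital(sample: Dict[str, Tuple[int, int, int]]) -> Dict[str, float]:
    """Breaches per hospital in the state."""
    rates = {}
    for state, (breaches, hospitals, _) in sample.items():
        if hospitals <= 0:
            raise ValueError(f"{state}: hospital count must be positive")
        rates[state] = breaches / hospitals
    return rates


def per_1000_beds(sample: Dict[str, Tuple[int, int, int]]) -> Dict[str, float]:
    """Breaches per 1,000 staffed beds in the state."""
    rates = {}
    for state, (breaches, _, beds) in sample.items():
        if beds <= 0:
            raise ValueError(f"{state}: bed count must be positive")
        rates[state] = breaches / beds * 1000
    return rates


def rank(scores: Dict[str, float]) -> List[str]:
    """States from highest to lowest score; ties broken alphabetically."""
    return sorted(scores, key=lambda s: (-scores[s], s))


def rank_shift(before: List[str], after: List[str]) -> Dict[str, int]:
    """Positions each state climbed (positive) or dropped (negative)."""
    pos_before = {s: i for i, s in enumerate(before)}
    pos_after = {s: i for i, s in enumerate(after)}
    return {s: pos_before[s] - pos_after[s] for s in before}


def relative_rate(rates: Dict[str, float], a: str, b: str) -> float:
    """How many times higher state a's rate is than state b's."""
    return rates[a] / rates[b]


def per_breach_increment(sample: Dict[str, Tuple[int, int, int]]) -> Dict[str, float]:
    """How much ONE additional breach moves each state's per-1,000-bed rate.

    Small denominators make small states volatile; this quantifies the caveat.
    """
    return {state: 1000 / beds for state, (_, _, beds) in sample.items()}


def main() -> None:
    raw_order = rank(raw_counts(SAMPLE))
    hosp = per_hospital(SAMPLE)
    beds = per_1000_beds(SAMPLE)
    bed_order = rank(beds)
    shifts = rank_shift(raw_order, bed_order)
    print(f"{'state':<14}{'raw':>6}{'/hosp':>8}{'/1k beds':>10}{'shift':>7}")
    for state in bed_order:
        print(f"{state:<14}{SAMPLE[state][0]:>6}{hosp[state]:>8.3f}"
              f"{beds[state]:>10.3f}{shifts[state]:>+7}")
    print(f"Alaska vs Maine, per 1,000 beds: "
          f"{relative_rate(beds, 'Alaska', 'Maine'):.1f}x")
    inc = per_breach_increment(SAMPLE)
    print(f"One more breach moves Alaska's rate by {inc['Alaska']:.3f}, "
          f"California's by {inc['California']:.3f}")


if __name__ == "__main__":
    main()
```

With these constructed figures California tops the raw list, but Alaska and Rhode Island top the per-bed list, and Alaska's per-bed rate comes out seven times Maine's. The last line of output is the caveat in numbers: one extra breach moves Alaska's rate by 0.667 per 1,000 beds but California's by only 0.014, so the small-state rankings should be read with that volatility in mind.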


Next, let us examine the types of breaches that have occurred. As the chart below shows, old-school physical theft and loss accounted for over 60 percent of the breaches, rather than the more glamorous hacking-oriented breaches.


[Picture1.png: breakdown of reported breaches by type]


Just where within the organizations' attack surface are these breaches occurring? The chart below gives some insight.


[Picture2.png: breakdown of reported breaches by location within the attack surface]


Based on this analysis, what can we prescribe to vaccinate ourselves against similar events? The list below would be a great start:


  • Physically protect laptops and servers from theft.

  • Apply full-disk encryption to every laptop and server that holds PII or PHI. Under the HHS breach notification rule, PHI that is encrypted in line with HHS guidance is not "unsecured," so a lost encrypted laptop is a lost asset rather than a reportable breach.

  • Train personnel on data custody and handling.

  • Sanitize or destroy storage media before electronic equipment is disposed of or returned, and remember that printers and photocopiers have hard drives too.

I cannot emphasize the disposal aspect enough. In one case, a large Health Plan paid a fine of over $1 million when it was learned that a photocopier leased by the company was returned upon its lease expiration containing over 300,000 patient records on its hard drive. Ouch! 


If you want a second opinion on your data and media disposal practices, check out HP's Asset Recovery services. I would also like to hear from you on your treatment plan for protecting your organization's private health information, so drop me a line.


About the Author
Tari is a Distinguished Technologist with 30 years of IT and cyber security experience. He is dual board certified in information security/b...
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.