High Alert for Healthcare Security Breaches

High Alert for Healthcare Security Breaches

With recent healthcare news articles headlining the numerous cyber attacks, it comes at no surprise that increased security at various levels has been thoroughly enforced.

Security breaches, to name a few, occur when patient files are:

  • Shared without consent
  • Consulted by staff not assigned to a patient’s case
  • Obtained by hackers outside the organization.

Healthcare Cyber Security Breaches in the News

In July of 2015, a cyber attack targeted 4.5 million UCLA Health patient files. This followed a healthcare insurance hack that affected 80 million Americans earlier that year.

ucla-security-breach-patient-data

Those parts of the [compromised] network contained names, dates of birth, Social Security numbers, Medicare and health plan identification numbers as well as some medical information such as patient diagnoses and procedures.

More recently, a Hollywood hospital payed a $17 000 US ransom to gain back access to its patient files.

The facility was without access to email, digital patient records and some internet-connected medical devices following a cyber attack that saw hackers take its computer networks clear offline before demanding more than $5 million US in ransom.

 

In-House Data Breaches

Interestingly, breaches also often occur within healthcare organizations by staff members rather than third party hackers.

Last month, Trillium Health in Toronto faced a claim seeking $2 million in damages after Lisa Lyons, an Ophthalmologist’s assistant, accessed private patient information without consent or authority.

Lyons used her access to Trillium’s entire database to secretly review the confidential medical records of Trillium patients for many years and hundreds of times [...] Such records contain highly sensitive and private information about patients’ medical histories, including medications, treatments, operations, the diseases and disorders they may suffer from, and family circumstances, among others.

Similarly, Island Health in Victoria notified 198 of their patients of a medical record breach carried out by 2 of their employees last month.

Island Health’s investigation confirmed the employees used their access privileges to view the records of patients with whom they had no care or service relationship.

This is the second data breach occurrence in a little over a year, as an Island Health employee was dismissed in April of 2015 after looking into 39 patient records.

This goes to show that the importance of safeguarding private patient information goes beyond protecting data from outsiders, but also requires instilling safety measures within healthcare organizations.

Protecting data such as patient files during transfers or consultations all require a secure network for physicians and other healthcare professionals to exchange private information. Hospitals should implement secure messaging platforms to provide their staff with a means to share essential information quickly and privately. The encrypted messages also make it virtually impossible for third party hackers to obtain their content.

How to Select a Secure Messaging Platform for Your Hospital or Healthcare  Organization Download
Raphael Aube, Director of Customer Service and Support

Written by Raphael Aube, Director of Customer Service and Support

Recipient of an MBA from Tongji University in Shanghai, Raphaël Aubé has been contributing to the health technology sector since 2009. Prior to his role as director of customer service and technical support at PetalMD, he founded three service entreprises that all specialize in different fields of technology expertise. His journey has lead him to manage and work with clients all over the world, which has provided him with a comprehensive understanding of the diverse challenges of technological development and adoption, as well as a broad perspective on potential solutions to overcome them.