With recent healthcare news articles headlining the numerous cyber attacks, it comes at no surprise that increased security at various levels has been thoroughly enforced.
Security breaches, to name a few, occur when patient files are:
- Shared without consent
- Consulted by staff not assigned to a patient’s case
- Obtained by hackers outside the organization.
Healthcare Cyber Security Breaches in the News
In July of 2015, a cyber attack targeted 4.5 million UCLA Health patient files. This followed a healthcare insurance hack that affected 80 million Americans earlier that year.
Those parts of the [compromised] network contained names, dates of birth, Social Security numbers, Medicare and health plan identification numbers as well as some medical information such as patient diagnoses and procedures.
More recently, a Hollywood hospital payed a $17 000 US ransom to gain back access to its patient files.
The facility was without access to email, digital patient records and some internet-connected medical devices following a cyber attack that saw hackers take its computer networks clear offline before demanding more than $5 million US in ransom.
In-House Data Breaches
Interestingly, breaches also often occur within healthcare organizations by staff members rather than third party hackers.
Last month, Trillium Health in Toronto faced a claim seeking $2 million in damages after Lisa Lyons, an Ophthalmologist’s assistant, accessed private patient information without consent or authority.
Lyons used her access to Trillium’s entire database to secretly review the confidential medical records of Trillium patients for many years and hundreds of times [...] Such records contain highly sensitive and private information about patients’ medical histories, including medications, treatments, operations, the diseases and disorders they may suffer from, and family circumstances, among others.
Similarly, Island Health in Victoria notified 198 of their patients of a medical record breach carried out by 2 of their employees last month.
Island Health’s investigation confirmed the employees used their access privileges to view the records of patients with whom they had no care or service relationship.
This is the second data breach occurrence in a little over a year, as an Island Health employee was dismissed in April of 2015 after looking into 39 patient records.
This goes to show that the importance of safeguarding private patient information goes beyond protecting data from outsiders, but also requires instilling safety measures within healthcare organizations.
Protecting data such as patient files during transfers or consultations all require a secure network for physicians and other healthcare professionals to exchange private information. Hospitals should implement secure messaging platforms to provide their staff with a means to share essential information quickly and privately. The encrypted messages also make it virtually impossible for third party hackers to obtain their content.