Friday, August 26, 2011

Large Data Breach Causes Data Integrity Questions

A California firm, Southern California Medical-Legal Consultants, is the most recent organization to make headlines with a massive data breach. The breach, which exposed the medical records, social security information, and personal details of 300,000 patients, was caused by poor handling and a lack of knowledge. Joel Hecht, owner of the consulting firm, believed he was storing the data on a private website. In reality, it was being placed on a public server without even the most basic security measures.
The personal data was discovered by Aaron Titus, a researcher with Identity Finder, who then alerted Hecht's firm and The Associated Press. He found it through Internet searches, a common tactic for finding private information posted on unsecured sites.

The data was "available to anyone in the world with half a brain and access to Google," Titus says.

Titus says Hecht's company failed to use two basic techniques that could have protected the data -- requiring a password and instructing search engines not to index the pages. He called the breach "likely a case of felony stupidity."
The breach, which was discovered and locked down last week, has led many to question the upcoming 2014 regulation requiring all medical data to be stored online. While it is obvious that this breach was caused more by ignorance than by hidden security flaws, the argument has been made that other under-trained facilities are likely to follow suit. The Associated Press theorizes that the underlying cause of this breach is the fact that the medical records were so far removed from their original source. While hospitals are usually well-equipped for this kind of data, the AP says, “The further away from the health care provider the records get, the flimsier the enforcement mechanisms for ensuring the data are protected.”
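
The two controls Titus names, a password requirement and a no-index instruction to search engines, can be checked from the outside on pages you operate. The following is an added example, not part of the original post: it audits a response fetched without credentials, and the function name, finding labels, and sample responses are constructed for illustration.

```python
from html.parser import HTMLParser


class _RobotsMeta(HTMLParser):
    """Collects directives from <meta name="robots" content="..."> tags."""

    def __init__(self):
        super().__init__()
        self.directives = set()

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "robots":
            self.directives |= {d.strip().lower() for d in a.get("content", "").split(",")}


def audit_exposure(status, headers, body):
    """Return findings for a response that was fetched WITHOUT credentials."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    findings = []
    # Control 1: an unauthenticated request should be refused (401/403) or
    # redirected to a login page (3xx), never answered with content (2xx).
    if 200 <= status < 300:
        findings.append("no-auth")
    # Control 2: a noindex directive in the X-Robots-Tag header or a robots
    # meta tag ("none" is shorthand for "noindex, nofollow").
    directives = {d.strip().lower() for d in hdrs.get("x-robots-tag", "").split(",")}
    parser = _RobotsMeta()
    parser.feed(body)
    directives |= parser.directives
    if not directives & {"noindex", "none"}:
        findings.append("indexable")
    return findings


# Constructed sample responses (not taken from the incident).
OPEN_PAGE = (200, {"Content-Type": "text/html"},
             "<html><head><title>Records</title></head></html>")
NOINDEX_ONLY = (200, {"Content-Type": "text/html"},
                '<html><head><meta name="ROBOTS" content="NOINDEX, nofollow"></head></html>')
PROTECTED = (401, {"WWW-Authenticate": 'Basic realm="records"',
                   "X-Robots-Tag": "noindex"}, "")

if __name__ == "__main__":
    for name, resp in [("open", OPEN_PAGE), ("noindex only", NOINDEX_ONLY),
                       ("protected", PROTECTED)]:
        print(name, audit_exposure(*resp))
```

A page that reports only `indexable` resolved is still readable by anyone who has the URL; the no-index directive keeps it out of search results, while the password requirement is what restricts access.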


Pam Argeris is a thought leader in the healthcare industry and has extensive, hands-on experience with CMS compliance and multiple regulatory bodies such as NCQA, JCAHO, and DOI. In her role at Merrill Corp., Pam focuses on developing solutions for compliance and quality assurance, delivered in a cost-effective manner to improve beneficiary and prospect communications. You can contact Pam at

1 comment:

  1. Data security is very important to businesses. Sensitive and/or confidential data such as client information, payment information, bank accounts, and even personal files and documents should always be stored safely. A massive data breach like what happened to Southern California Medical-Legal Consultants can be very detrimental to the reputation of the business. Remember: if you want to keep your customers, you have to keep their confidence – that includes safekeeping their personal information.