Hardware Theft Leads the List of Reasons for Medical Information Breaches

By Carlton Purvis
Cybersecurity is a primary concern as corporate workplaces cozy up to mobile technology like smartphones and tablets, but physical theft of devices still remains the number one cause of security breaches of private health information, according to a Department of Health and Human Services database of health information breaches. HHS is required to post data online for any information breaches affecting 500 or more individuals.
This year, data for more than 2.6 million people was breached in 32 incidents including cyberattacks, improper disposal, loss, theft, and unauthorized access. The largest happened in January after Health Net reported that the records for 1.9 million patients were missing from computers.
Of the 32 breaches reported thus far in 2011, 18 were caused by theft of laptops or other portable devices, resulting in a breach of data of more than 640,000 individuals. Theft was also the cause of the second largest breach of 2011 after a desktop computer containing private information for 514,330 people was stolen from Eisenhower Medical Center in California in March.
The healthcare industry may be more vulnerable to these kinds of breaches than some fields because of the frequent use of computer technology. Health and pharmaceutical companies had one of the highest rates of lost laptops – second only to the education and research field, according to a report published by Intel Corporation and the Ponemon Institute.  
The study found that most organizations (two-thirds) don’t take advantage of security practices like encryption, which would keep data secure if a device the information resided on were stolen. Forty-six percent of laptops contained confidential data; only 30 percent used encryption, the reported stated.

photo by yoppy from flickr


View Recent News (by day)


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.