TRENDING:

The Security Scrutinizer with Howard Anderson

Breach Horror Stories Shared

Anecdotes Shed Light on Risks Howard Anderson (ismg_editor) • September 21, 2010    
Breach Horror Stories Shared

The anecdotes are included in a white paper from FairWarning Inc. which promised its clients anonymity in exchange for sharing the gory details. If you're looking for new ways to help convince those who control the budget at your organization to invest more in breach prevention, consider sharing these details with them:

  • A senior physician at one practice hired several lower-paid junior physicians to enter notes in the senior physician's name, resulting in billing fraud.
  • An employee of a specialty hospital who owned an assisted living facility as a side business was mining information from the hospital's electronic health records to feed his own business.
  • Staff members of one metropolitan healthcare organization used a pharmacy dispensing system to self-prescribe oxycodone.
  • Several organizations, both rural and urban, reported staff used their electronic health record access to steal the identities of deceased patients to commit financial identity theft.
An employee of a specialty hospital who owned an assisted living facility as a side business was mining information from the hospital's electronic health records to feed his own business. 

FairWarning advises healthcare organizations to conduct a benchmarking study before implementing a breach monitoring/prevention program to help measure improvement in preventing breaches. Its whitepaper offers several attention-grabbing benchmarking examples to illustrate just how common breaches really are, such as:

  • A 200-bed hospital with a few small clinics reported it was experiencing 24 confirmed breach incidents per month;
  • A physician practice with 20 clinics reported 29 incidents per month;
  • An integrated delivery system with multiple hospitals and clinics confirmed 125 incidents per month.

The anecdotal information on horror stories and the frequency of breaches is food for thought as you contemplate how to maintain patient privacy and comply with all the provisions of the HITECH Act -- and avoid its toughened penalties for HIPAA violations.



About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Mapping Access - and Attack - Paths in Active Directory
Mapping Access - and Attack - Paths in Active Directory
Why Hospitals Should Beware of Malicious AI Use
Why Hospitals Should Beware of Malicious AI Use
How AI Can Help Speed Up Physician Credentialing Chores
How AI Can Help Speed Up Physician Credentialing Chores
Joe Sullivan on What CISOs Need to Know About the Uber Trial
Joe Sullivan on What CISOs Need to Know About the Uber Trial
How State Governments Can Regulate AI and Protect Privacy
How State Governments Can Regulate AI and Protect Privacy
Protocol Isolation: The Key to Securing OT Environments
Protocol Isolation: The Key to Securing OT Environments
AI in Healthcare: The Growing Promise - and Potential Risks
AI in Healthcare: The Growing Promise - and Potential Risks
How Biden's AI Executive Order Will Affect Healthcare
How Biden's AI Executive Order Will Affect Healthcare
Getting a Tighter Grip on Vendor Security Risk in Healthcare
Getting a Tighter Grip on Vendor Security Risk in Healthcare
How the Healthcare Sector Can Boost Credential Management
How the Healthcare Sector Can Boost Credential Management

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.