Incidents Of Data Security Breach Reported In Two Medical Facilities In The Country
One of the dermatology centers in North Carolina revealed that there has been a health data breach after a malware was detected in its servers. A statement released by the center says that a malware was found on one of its central servers on September 25, 2014. The center said that patient health information was exposed to the malware. However, the center said that the EHR software of the organization was not connected with this server and hence the data on EHR software has not been compromised. Keep in mind that EHR application contains most of the vital data about a patient.
The practice administrator at the center said, “Taking aggressive action early and confronting this issue is consistent with the practice’s core value of behaving in an ethical and transparent fashion.” He further added, “Central hired a prominent forensics security expert firm and an information technology firm that investigated this incident, reviewed all systems, and Central has improved our security wherever necessary to help protect our community. On behalf of the people of Central Dermatology Center, we sincerely apologize for any inconvenience this may cause.”
Now, even though the center said that the malware was first found on September 25, some experts believe that the server could have been infected by the malware by August 2012. The center did not reveal the number of patients who were affected by the malware. It said that all those whose data have been compromised were contacted and offered free identity theft protection and credit monitoring.
In another incident, one of the health care facilities in New York City, Mount Sinai Beth Israel, said that one of its physician’s laptops were stolen and it contained data about more than 10,000 patients. Even though the computer was password protected, the data in it was not in an encrypted format.
The statement from the facility says, “Stored on the laptop were emails from an OB / GYN physician’s Mount Sinai Beth Israel email account that contained information on approximately 10,790 patients, including patient names, dates of birth, medical record numbers, dates of service, procedure codes and description of procedures, as well as clinical information about the care the patients received.” However, the hospital says that the other potential data like insurance information, social security numbers etc. were not present in the laptop.
The breach in medical facilities is always a concern as the EHR software and other related devices in these facilities contain many potential data. Therefore, it seems that the facilities should take more strict measures to safeguard the data in its EHR software and servers.