More and more target health service providers, and it’s little wonder why. Few industries regularly hold as much sensitive data as the health industry.
Everyone including researchers, insurance providers and doctors keeps not only sensitive health information, but also billing data and unique identifiers, such as social security numbers.
While plenty of legislation aims to provide extra protections for patient data, the fact is that anywhere there are humans, there will be errors. What happens in the doctor’s office may not be as confidential as we all hope.
Here are three of the most recent data breaches in the health industry.
This disaster was one of the biggest data breaches of 2016. The health insurance company is one of the top Medicare providers and partners, and in July, it announced a breach of Medicare members’ data.
Over 18,000 Medicare recipients received notification that their data was no longer secure. Retirees and the elderly have always been a favorite target for spammers and fraudsters.
This breach increases their risk significantly. According to Anthem, the attack came through one of their vendors, LaunchPoint Ventures.
Due to an oversight, Indiana’s Health Coverage Program left an active hyperlink open that gave direct access to Medicaid recipients’ information. This data breach revealed full names, addresses, Medicaid ID numbers, doctor information, patient numbers and more.
The state of Indiana had over one million people enrolled in their Medicaid programme this April, and the information was available starting in February of this year. The hyperlink was available to the public, so it’s difficult to say who had access to the information.
Fortunately, Indiana’s Health Coverage Program believes the breach has caused no damage to patients. They have offered all notified individuals a free year of credit protection, however, just to be safe.
This April, Washington State University discovered that a hard drive containing sensitive information concerning survey participants had been stolen. The hard drive was kept in a locked safe, but the safe itself was stolen from storage and has not been found.
Approximately one million individuals may be compromised by this breach. Most survey participants provided names and social security numbers, which are a valuable prize for identity fraudsters.
Some participants’ health data may also be jeopardized. Although there is no sign of the stolen hard drive or its protective safe, WSU has notified all parties put at risk by the breach.
Like Indiana’s Medicaid programme, WSU has offered a year of free credit monitoring for every notified individual. The university is also taking measures to upgrade and strengthen security procedures to ensure this kind of incident does not happen again.
Unfortunately, these three examples are only the tip of the iceberg. New reports and notifications keep hitting the news.
Even doctors aren’t safe from ransomware. Ultimately, there is little patients can do to protect themselves, and the burden of responsibility falls heavily on the healthcare industry itself.
