Five Million Healthcare Records Compromised in First Half of 2011

Almost 90 data breaches have been reported since January, with 18 percent due to intentional insider actions. Other causes are hacks and the loss or theft of computer devices.

Boca Raton, Fla. – June 21, 2011 – Data breaches in the healthcare industry in the first half of 2011 resulted in 5.1 million patient records being exposed or otherwise compromised, according to incidents reported to the Privacy Rights Clearinghouse between January 1 and June 15, 2011.

Sixty-two percent of the 87 total reported breaches of healthcare records were due to the loss, theft or improper disposal of documents or equipment on which records were maintained. Six breaches during the first half of the year were the result of computer hacking and affected 388,400 records. Sixteen of the total breaches were due to the intentional actions of insiders, including employees, staff and contractors, at least one of whom had an extensive criminal record.

Among the incidents of insider malfeasance, a common theme is the intent to use patient information for the purpose of identity theft. Stolen personal information can be used to rent apartments, obtain credit cards, open utility accounts and commit other crimes using the names of the victimized individuals.One hacking case involved the breach of an accounts payable system in which personal information was stolen and used to open electric service accounts. Another computer server breach resulted in the provider having to notify more than 230,000 individuals that their data may have been compromised.

“Security breaches are not only embarrassing—they’re also expensive,” said Michael Scheidell, chief technology officer for SECNAP Network Security, an Internet security firm that specializes in the detection and prevention of unauthorized intrusions as well as data leakage. “By the time you factor in victim notification, mitigation activities, and brand impact, you can be looking at several hundred dollars in data breach expenses per patient.”

Scheidell likens information security to car insurance, suggesting that “No one wants to pay for it, but no one wants to be in an accident without it.”

“Unfortunately, organizations who don’t invest proactively in effective security aren’t just risking their own necks,” says Scheidell. “They’re risking the private information, personal identities and credit ratings of their patients. That’s not a risk they should be taking.”

About SECNAP^®

SECNAP Network Security develops information technology and cybersecurity solutions that enable business to be conducted securely on the Internet, leveraging an Integrated Security Management (ISM) platform to deliver award-winning network security, email security and email encryption services in the cloud at total lower cost of ownership.  An extensive suite of security audit services includes external penetration testing, internal vulnerability assessment, HITECH, HIPAA, GLBA and other compliance assessments, web application and wireless assessments, social engineering testing and more.  For details, visit http://www.secnap.com.