4.5 Million Patient Records Leaked in Healthcare Data Breach
Las Vegas, Nevada (PRWEB) August 20, 2014 -- As revealed on Monday, August 18th, on the CNN Technology blog, one of the largest U.S. hospital groups, Community Health Systems, announced on Monday that its databases had been attacked by hackers based out of China. The resulting data breach compromised the names, Social Security numbers, physical addresses, birthdays and telephone numbers of 4.5 million patients who received treatment or were referred to one of the network-owned hospitals in the last five years.
Community Health Systems owns 206 hospitals across 29 states, with their largest presence in Alabama, Florida, Mississippi, Oklahoma, Pennsylvania, Tennessee and Texas.
Who is affected?
In this data breach, both patients and medical providers are affected. The data leak is a violation of the Health Insurance Portability and Accountability Act (HIPAA), meaning that providers are at risk of being sued by both the state attorneys general and patients for damages and negligence. Since patient information has been shared, the hospital network is offering identity theft protection to the patients affected.
While the hospital has wiped the hackers’ malware from their computer systems as of now, they are still filing a claim with the Securities and Exchange Commission as a part of their disaster protection plan.
How to proceed
It is important to remember that a data breach can occur at any healthcare practice, no matter the size. Every practice is required by law to comply with HIPAA, so when there is a violation, there are certain parameters that must be met in order to avoid large financial fines and prevent the breach of patient information. Below are just a few:
• Proper security systems must be in place to protect against hackers and prevent malware and viruses from attacking the systems. Malware is the most common means hackers use to attack systems and cause data breaches.
• A security solution that includes logging of access both inside your network and from outside. This can help identify potential breaches more quickly and limit the damage.
• Complete HIPAA training: Every staff member who comes into contact with Protected Health Information must complete HIPAA Workforce Training annually. The law also requires every covered organization to designate a Security Officer, or trained, dedicated staff member to help ensure compliance.
• A disaster recovery plan must be in place: As designated in HIPAA law, all covered entities (health care providers, health plan networks and clearinghouses) are required to have a disaster recovery plan in place to deal with potential security threats resulting in the least amount of patient risk as well as damages.
• A backup appliance must be utilized on the premises: In the event of a data breach that causes a loss of patient data, a backup appliance would make all of the difference in recovering the stolen data as well as ensuring that proper care can still be given to patients.
“This data breach is most unfortunate as it affects so many people. The hackers are using more tricks to attack all types of healthcare and dental practices on a daily basis,” says Pact-One CEO, Dan Edwards. “The only way to protect your patients and your practice is to stay vigilant, train your staff and make sure all protections are in place and monitored daily.”
For more information about HIPAA and maintaining compliance, visit http://www.pact-one.com or contact Dan Edwards, Pact-One CEO, at 866-722-8663.
Dan Edwards, Pact-One, http://www.pact-one.com, +1 (866) 722-8663 Ext: 221