Senseon Presents: Healthcare Physical Security Breach Roundup

Keeping your healthcare organization secure starts with understanding the physical security risks you face. That’s why Senseon brings you the most recent physical data breach announcements and news each month. If you’re interested in learning more about measures you can take to minimize the risk of your facility ending up on this list, we can help.

Film Theft Impacts 1,400 Patients

inSite Digestive Care of California tops the list this month with a theft of “paper/films” that suspected to have impacted 1,424 patients. According to reports, someone broke into two storage lockers that housed patient records and potentially viewed and possibly removed patient files. The files contained names, addresses, driver’s license and Social Security numbers, as well as lab orders and other health information. inSite Digestive is offering a year of free credit monitoring and identity protection services to anyone potentially impacted.

Laptop Stolen From Sports Medicine Clinic

The theft of an employee laptop at Milligan Chiropractic Group in San Diego, CA has resulted in compromised data for their patients. Though there hasn’t been any indication that the information was misused, the possibility still exists. Del Mar Chiropractic issued a letter to inform affected patients that their name date of birth, as well as clinic and progress notes, may have been put at risk.

Improper Disposal Threatens Georgia Patients

St. Francis hospital recently informed the public that administrative documents that were intended for shredding were actually accidentally picked up and improperly disposed of along with the hospitals regular waste. It’s possible that the documents contained personal as well as billing information including name, date of birth, Social Security number, and address.

779 Wisconsin Patients Notified of Laptop Theft

The Management Group, businessassociate of The Wisconsin Department of Health Services, notified 779 participants in its Medicaid long-term care service for adults, IRIS, that a stolen laptop might jeopardize their personal information. The laptop bag contained the corresponding password and patient information including names, addresses, dates of birth, and financial information. Additionally, the social security numbers of at least 23 participants were stored on the computer. Affected individuals have been offered a year of free identity protection services.

Unencrypted Disk Lost in Mail

CareMeridian, operatorof subacute care facilities in California, Arizona, Nevada, and Colorado, informed 1,922 individuals via mail of its discovery that an unencrypted disk (sent by a third-partyassociate) had been lost in the mail. The wayward disk contained patient names and medical information along with the Social Security numbers of 19 individuals. So far there has been no indication of attempted or actual misuse of the information.

Former Hospital Employee Steals, Then Sells Patient Records

Two former employees of Florida Hospital stole and sold an “unknown” number of patient records. Local reporters thoughdiscovered a corresponding civil lawsuit indicating that at least 9,000 patients were impacted by a data breach. The activity began in 2012 and ran for two years. According to prosecutors, the two accused sold patient records for their own gain and with malicious intent.

News

Majority of Organizations Impacted by Breaches Implement Biometric Authentication

Software and security firm, Veridium conducted a survey of 200 U.S. senior IT decision-makers and found that a full 63 percent were planning to implement biometric authentication to prevent a repeat occurrence. 83 percent of that same group reported that their employees used techniques to bypass passwords and 86 percent of the respondents agreed that biometrics was the most secure authentication method available. This is because of its overall better security, ability to increase workforce productivity, and better accessibility.

Vulnerable, Paper Records Often Overlooked

This article from CSO Online highlights the often-misguided focus on electronic breaches in the information security discussion. Information sitting in file cabinets and other physical storage places are often seen as being a secondary risk. The article highlights three specific examples of breaches of physical data including theft and improper disposal, naming this type of breach and generally “the most easily preventable.”

Want to learn more about Senseon’s physical security offerings? Visit our Healthcare Access Control page or contact us!