Employee Laptops Go Missing and Florida Nurse Diverts Drugs From Automated Dispensing System
Take control of the physical data breach and drug diversion risks that threaten your healthcare organization with Senseon’s Physical Security Breach Roundup.
We bring you the most recent physical data breach and drug diversion announcements each month. If you want to learn more about what you can do to minimize the risk of your facility ending up on this list, we can help.
Physical Data Breach News
Laptop theft from a car has hit healthcare news again.
On December 5, Truman Medical Centers experienced a breach that put the data of 114,400 patients at risk when a company-issued laptop was stolen from an employee vehicle. While there isn’t yet any evidence that information on the password-protected device has been accessed, viewed, or misused, Truman has made an announcement to impacted patients and offered them credit monitoring.
Children’s Hope Alliance is learning just how vulnerable laptop PHI can be.
The North Carolina organization is left contacting their community and referring potentially impacted individuals to major reporting agencies after an employee’s laptop was stolen in October. Work with third-party investigators has revealed that certain documents stored on the laptop may have been accessible. They contained information including names, addresses, social security numbers, user names and passwords, as well as tax identification numbers. There is currently no indication that any of the information has been misused.
Now that the 2019 tally of healthcare data breaches is in, many people are looking forward to what to expect in 2020—especially since research estimates that last year’s breaches will cost healthcare $4 billion.
With 93% of healthcare organizations in the country experiencing a breach in the last few years, no one is exempt from these concerns. These issues are compounded by the rise of approaches such as cloud computing and EHR interoperability, which means answering the role that physical devices and physical access play in security will become an even more complex task.
As more physical devices enter the healthcare security ecosystem, it’s critical to understand exactly what’s at stake.
This article digs into key data points that can be extracted from medical records, including classics such as social security numbers and payment information, but also personal details and prescription records that can then be used to crack security questions, file false insurance claims, and even obtain medical procedures.
Drug Diversion News
Christine Eckles has been charged with theft of a controlled substance after discrepancies were discovered by a manager.
In August, the pharmacy director of Doctor’s Hospital met with Eckles to discuss issues in the use of hydromorphone. The hospital found that Eckles had used 140 vials of the drug by accessing an automated dispensing system—this is in comparison to her nearest peer, who had used just 26 vials during the same time period. Eckles allowed for a search of her belongings by a hospital team member, resulting in the discovery of a vial in her purse. She admitted to using the drug during her shifts for knee pain and claims she did not withhold drugs from patients, only using leftover medication.
The Medicine Chest will be paying out just short of $30,000 after it was found to be in violation of the Controlled Substances Act. The settlement, which was reached in October, states that the organization improperly dispensed Schedule III and Schedule IV drugs, along with omitting multiple record keeping violations.
Want to learn how to leverage design to protect your hospital or health system’s most important assets in an increasingly complex cybersecurity environment? Start here.