Keep up with the data and drug diversion risks that threaten your organization with Senseon’s Physical Security Breach Roundup. We bring you the most recent physical data breach and drug diversion announcements each month. If you want to learn more about what you can do to minimize the risk of your facility ending up on this list, we can help.
Laptops continue to be a risk to patient digital safety in Illinois with the most recent reports of a stolen laptop.
FHN Family Counseling Center found out that one of their laptops was stolen from an employee vehicle on September 5 of this year. The employee immediately contacted law enforcement and the center kicked off an investigation as soon as they found out. They did determine that the password-protected, though not encrypted, laptop (which has not yet been recovered) did contain patient personal information. FHN has taken steps to re-encrypt all their laptops and retrain all employees on how to properly safeguard mobile devices.
Massachusetts just might be staring down one of the largest drug diversion cases in the country.
Recently, 18,000 pills were stolen from Beverly Hospital and several of its satellite locations. Lisa R. Tillman, a pharmacy technician, was arraigned on a charge of larceny of a controlled substance and has pleaded not guilty, allegedly telling police she was only taking the pills for personal use and flushing unused doses.
The majority of pills were opiates including Vicodin, Percoset, and OxyContin. Tillman allegedly stole the drugs by marking them as outdated and them removing them from automated dispensing machines.
Todd Mehrhoff is facing a maximum of four years in prison for obtaining fentanyl from the Veterans Administration hospital in Madison where he works. Police officers were first alerted to suspected drug diversion by operating room employees who found a fentanyl syringe unattended on a medical cart.
Pensylvania has its own share of drug diversion woes, with registered nurse, Jacqueline Rothermel, facing charges after allegedly diverting pain medication from a local hospital.
Rothermel allegedly diverted multiple vials through an automated drug dispensing system, Pyxis. On March 31, 2018, Rothermel allegedly pulled Oxycodone from the system without documenting it as administered to the patient, wasted, or returned to Pyxis. It’s also alleged that she asked other nurses to document that they had witnessed the waste of a morphine vial that they had not seen. When the nurses refused to document the waste, Rothermel allegedly “found” a vial in her pocket and wasted it in front of them.
Rothermel had previously been terminated from Reading Hospital for suspected diversion of Dilaudid, a pain medication.
New research out of Johns Hopkins University and Michigan State University has found that over half of recent PHI data breaches were due to internal issues with medical providers, and not external parties or hackers. The research was published in JAMA Internal Medicine and found that 53 percent of breaches could be traced back to internal factors.
The bright side of the study was that it seems apparent that tight software and hardware security, along with the proper security policies, can help prevent many of the highlighted issues.
The most recent report from Protenus on healthcare data breaches has revealed that 19 percent of the records breached during the third quarter of 2018 involved paper or film. A full 74 percent were disclosed by providers and the largest (the hack at UnityPoint Health) ended up in the notification of 1.4 million patients back in July. On the bright side, the number of breaches reported (117) dropped from Q2.
The report also revealed that it took organizations an average of 402 days to discover the incident, with discovery times ranging between one day and 15 years.
While reports like these are alarming, they provide valuable awareness for security professionals everywhere. Here at Senseon, we strive to stay abreast of the latest happenings in the industry to best serve our customers.
When the time comes to re-evaluate your data security practices our integrated physical security offerings can be an integral part of any proactive facility’s PHI security initiatives. Visit our healthcare page for more information on how to get in touch with our team regarding your healthcare security needs.