Stay on top of the physical risks that threaten your organization with our Physical Security Breach Roundup. We bring you the most recent physical data breach and drug diversion announcements each month. If you want to learn more about what you can do to minimize the risk of your facility ending up on this list, we can help.
UMass Memorial Medical Group is learning the expensive lesson that physical breaches should be taken seriously.
The office of Attorney General Maura Healey said in a complaint that two former employees of the hospital breached patient data by improperly accessing PHI specifically for fraudulent purposes. The employees reportedly opened cell phone accounts and new credit cards. The group and hospital, going forward, will be performing employee background checks as well as additional training of employees in handling patient information.
They’re also now required to hire an independent third-party firm to review their security operations, and the results will be shared with the AG’s office. This is in addition to payments to the state of $230,000 for the exposure of the health records of over 15,000 patients.
This year has already racked up 179 drug diversion incidents, at a cost of $162 million in lost pills.
Hospitals topped the list with 32 percent of the lost pharmaceuticals while 95 percent of the instances involved an opioid. The main offenders were physicians (involved in 42 percent of incidents) and nurses (involved in 29 percent). Perhaps the most unsettling finding in the report is that average detection time has increased to two years, a chilling statistic considering diversion often results in patients receiving lower doses than they should or the wrong drug entirely.
Security flaws are nothing to ignore. Premera Blue Cross is in the news over charges of intentionally destroying evidence despite being in the middle of litigation.
They’re accused of destroying a key computer in the investigation along with software logs from a security product that possibly showed evidence of data exfiltration. The accusations are linked to a March 2015 breach after which the Office of Personnel Management (OPM) found “numerous security flaws during a routine audit of Premera’s systems.” The flaws were reported to Premera a few weeks prior to the breach.
St. Joseph’s Medical Center in California reported on August 31 that they lost track of portable electronic devices containing the information for almost 5,000 patients. The devices contained the results of lab chemistry tests performed in April of this year. The center doesn’t believe that any of the information has been lost, but it was not encrypted.
Verizon’s 2018 Protected Health Information Data Breach Report has hit the streets and is revealing one stubborn and unsettling trend — inside actors are still a major problem for healthcare security teams.
The study found that 58 percent of breach attempts involve inside actors and that events like laptop theft from cars are a common breach strategy. While physical security often falls by the wayside in healthcare security discussions, reports like Verizon’s are a continuous reminder that physical security should be a priority for every hospital and long-term care security team.
Laptops are frequently named in physical healthcare data breaches, and with good reason. They’re portable, frequently unencrypted and improperly secured. While this is common knowledge, the sheer vulnerability you face because of laptops might not have really hit home yet. Check out these statistics.
- 86 percent of IT practitioners report that a laptop has been lost by or stolen from someone in their organization. 56 percent report that the theft resulted in a breach.
- 52 percent of business managers report that they sometimes or often trust a stranger with their laptop when they’re traveling.
- 45 percent of healthcare information breaches occur on stolen laptops.
- Once, 6 million patients’ medical data was compromised in the theft of just one laptop.
- The average blow to a business’ bottom line after an individual laptop theft is $47,000.
If any of these stories resonate, it might be time to upgrade your physical security. Senseon’s integrated physical security offerings can be an integral part of any proactive facility’s PHI security initiatives.