Large-scale digital information breaches seem to have become a cold and strangely frequent reality for big organizations recently. On May 5, 2015, a breach of information was discovered at the UCLA Medical Center.
The breach may have gone undiscovered since as far back as September of 2014. Those affected include UCLA Health’s patients as well as any medical providers whose digital information could have been involved. An estimated 4.5 million patient records have been exposed by the breach. Records include personal information such as names, addresses, social security numbers and other sensitive medical information.
There is a lot of speculation about the party responsible for the breach as well as what allowed this to happen. A common idea is that the breach was conducted by a hacker attempting to sell any potentially valuable personal celebrity information stolen. This wouldn’t go unnoticed as a recurring theme. UCLA Health also found itself the victim of a security breach in 2008 when the ePHI (electronic Patient Health Information) of Britney Spears, Farrah Fawcett, Maria Shriver, as well as other celebrities, was illegally browsed by workers. There are a number of other breaches that UCLA Health has been involved in. This is not unusual for an organization of this size.
The potential costs of any breach similar to this, not just one of this magnitude, can run quite high for the organization and medical providers most closely involved. When 4.5 million patients are affected in what could be perceived as a failure on the side of UCLA to prevent such an event from happening, the situation gets very legal, very quickly. Costs could easily amount to millions of dollars in potential suits, fines, and mandatory network infrastructure remediations. After such an occurrence, federal health officials investigate breaches of patient privacy and often issue fines for violations of the Health Insurance Portability and Accountability Act (HIPAA). Fines for violations of HIPAA or HITECH can run up to $1.5 million per year. UCLA Health in the past paid $865,500 as part of a settlement with federal regulators for another information breach.
A class-action lawsuit is already being filed against UCLA Health for alleged violations of California’s Confidential Medical Information Act. The suit also claims that the breach was a direct result of UCLA failing to take basic steps towards the protection of its patients’ information.
A recent study by the Ponemon Institute (ponemon.org) found that in the past two years alone, 90 percent of all healthcare organizations have found themselves the victim of at least a single data breach, while 39 percent experienced between 2 and 5 breaches, and 40 percent suffered 5 or more breaches. Since September of 2009, the United States Department of Health and Human Services has reported 1,265 individual healthcare information breaches, compromising the records of almost 135 million people.
The same study by the Ponemon Institute also shed light on another sad truth. Although events concerning digital security in recent years have received overwhelming public attention, half of healthcare organizations have little to no confidence that they have the ability to detect such a potentially catastrophic occurrence in their own systems, and more than half of medical organizations believe that their systems for handling incidents of this nature lack the necessary resources to be effective.
We offer a multitude of solutions for you and your organization. We can audit all internal and external endpoints to determine any shortcomings in your existing network security infrastructure/policies and work with you and your organization to create a hearty network infrastructure that can withstand attacks such as these through proper implementation of security systems and handle any problematic occurrences smoothly. We can provide and implement security tools including firewalls, intrusion detection systems, network software security policies, and anti-virus/malware solutions. We also offer a comprehensive list of services to prevent any legal violations especially concerning HIPAA and HITECH.
Just because the technology and resources available to criminals are becoming more advanced doesn’t mean that the threat has to grow. Complacency in any field where you can be digitally vulnerable is often lethal. Basic steps can be taken in order to secure your system and to keep sensitive information safe. We can provide these steps.