Four of the Biggest Medical Data Breaches in United States History
Would you be surprised to learn that, according to the healthcare and technology website Healthline, 44% of data breaches in the United States involved data theft or data loss from hospitals and private medical practices? If recent events are any indication, it seems that hostile entities targeting this type of private data — data that can be used to steal identities — are only becoming more common.
Even so, many healthcare providers think that such a thing can never happen to them, only realizing their mistake when it’s too late. If you’re one of the many who blow off smart security practices, here are just a few of the biggest American medical data breaches to show you just how bad things can get.
Four of the Biggest Medical Data Breaches in American History
- The Case of the Stolen Laptops
- Tricare Management Loses Info on 4.9 Million People
- Weak Firewalls Leads to Utah DoH Heist
- Server Hack Lands Montana Government in Hot Water
According to a report from the U.S. Department of Health and Services, the Advocate Medical Group, one of the country’s biggest medical systems, lost the medical records for 4.4 million of their patients in 2013. How? Somebody left laptops holding those files in plain view in their parked car. This is something that could easily have been avoided with an ironclad device policy.
The largest data breach in American history centers around the Tricare Management Activity, an insurance agency that has long been responsible for the insurance needs of America’s armed forces. Stop me if this story sounds familiar to you: one of Tricare’s employees left a laptop containing social security and medical information for more than 4.9 million people in their car. Here again a strong device policy and the use of mobile healthcare apps to track and delete missing devices and files would have come in handy.
In 2012, the Utah Department of Health — the agency charged with the well-being of the entire state — was hacked. In the process, the DoH lost an estimated 780,000 patient records and unencrypted emails. Using a HIPAA secure email client wouldn’t have stopped the breach, but it certainly would have mitigated how much damage the hostile party was able to inflict.
1.3 million files and emails containing names, residential information, and social security numbers were pried from the Montana Department of Health and Human Services’ computers in 2011. The kicker? The agency wasn’t using any HIPAA secure email services, meaning that the hackers didn’t just get a bunch of hexidecimal numbers, but raw information that could readily be accessed. Despite the lack of HIPAA secure email technologies, the agency released a statement promising that the data had not been improperly used following the breach, as reported by PC World.
Have you taken special steps to protect your hospital or medical practice from data loss? Tell us about the policies, secure messaging services, and other methods you’re using to batten down the hatches in the comment section below. Learn more at this link.