Senseon Presents: Healthcare Physical Security Breach Roundup

Lock Up Your Laptops: Missing Laptops Dominate June’s Physical Healthcare Breaches

Dynamic hospitals take a proactive approach to security, and that starts with understanding risk. That’s why Senseon brings you the most recent physical data breach announcements and news each month. If you want to learn more about what you can do to minimize the risk of your facility ending up on this list, we can help.

Stolen Louisiana Laptop Jeopardizes 2,553 Patients

Eye Care Surgery Center (ECSC) discovered a stolen laptop back in February, potentially jeopardizing personal information including patient diagnosis. They’ve responded by enhancing their security systems both inside and outside their buildings as well as encrypting most of the portable electronic devices and desktop computers used for patient care.

Stolen Employee Laptop Risks Alabama Patient Security

Patients of an Alabama lab chain might want to keep their eyes open over the next few months. American Esoteric Laboratories (AEL) announced their recent discovery of a “data security incident” which amounts to a stolen company-issued laptop at the end of 2017. Information stored on the computer may include anything from patient treatment information to social security information. AEL is responding by implementing encryption technology, retraining staff, and updating policies and procedures.

Burglars Crack Safe and Breach Patient Records

Nebraska burglars managed to get hold of a handful of items containing patient information including a computer component of an EKG device as well as uncashed patient checks. Complete Family Medicine has worked with police to recover some of the patient’s checks, but the computer, which contained names and EKG images, has not been located. To protect against future issues, Complete Family Medicine is reviewing its policies and procedures to decide whether they need to make changes around their approach to physical healthcare security.

Sleep Center Security Breach Nightmare Leaves 2,100 Patients At Risk

Hard drives step up to the breach plate this time with a Virginia sleep facility reporting violation of 2,100 patients’ ePHI. Earlier this year, Chesapeake Regional Healthcare (CRH) discovered that two portable hard drives had gone missing from its Chesapeake, VA center. The hard drives were not encrypted. The drives contained personal and demographic information as well as medication and procedure information. CRH is upgrading its efforts to keep portable hard drives safe and has already enhanced company policies to get ahead of any future issues.

600 NYC Health + Hospitals/Harlem Patients Offered Credit Monitoring

A laptop went missing from an NYC Health + Hospitals facility, prompting a report to the federal oversight agency. The laptop went missing on January 25 and was reported two days later as missing and having housed patient names, dates of birth, and hearing test status. NYC Health + Hospitals has stepped forward and started reviewing security precautions that are currently in place to identify any areas for potential supplementation. They’re also evaluating security precautions specifically for portable devices as well as security-awareness training to ensure employees understand the importance of protecting PHI.

News

Report Reveals 16% of Breaches Involve Loss or Theft

The recent Protenus Breach Barometer offers a look at the state of healthcare breaches in the first quarter of 2018. It found that 1.13 million compromised records across 110 data breaches. Also, insider cases of snooping on family members are rampant (making up 77.10 percent of privacy violations) right ahead of snooping on coworkers. Breach types break down as follows:

37 % involved insiders.
37 % involved outsider hacking.
16 % involved loss or theft.

Physical Security Emphasized in CSO/CISO Role

As the executive responsible for a healthcare organization’s entire security posture, CSOs and CISOs can’t afford to overlook physical security for digital. CSO Online delves into the responsibilities of the CSO including business continuity planning, privacy, as well as loss prevention. It also goes on to cover the differences between the CSO and CISO and how skillsets differentiate in different organizations.

Considering getting ahead on your own breach prevention plans? Senseon’s reliable cabinet locking systems can be an integral part of any proactive facility’s security initiative.