Thursday, July 29, 2010

Security Breaches: Do Companies Need to See It Get Worse Before It Gets Better?

One would think that with all of today’s security standards and compliance requirements that data leaks and security breaches would be few and far between. Of course, one would be wrong to think that. Indeed, in the healthcare sector alone the numbers are staggering. In a recent report published by Healthcare Info Security the official federal list of major healthcare information breaches dating back to last September included 119 incidents affecting almost 5 million Americans. About 20 incidents were added to the list in the last 30 days.

The total of those affected by major breaches grew by approximately 1.5 million in the past month, primarily as a result of two large cases.

In one case, South Shore Hospital in South Weymouth, Mass. reported that unencrypted backup computer files containing personal, health and financial information on about 800,000 people may have been lost by a company that a Massachusetts Hospital hired to destroy the files. On the breach list, the business partner involved is identified as Iron Mountain Data Products Inc.

In the other case, WellPoint Inc., which owns Blue Cross and Blue Shield plans in 14 states, announced in late June that it was notifying 470,000 people who applied for individual health insurance coverage that their information may have been breached on a website.

Don’t Make the List
Organizations that suffer from security breaches can’t hide and pretend it didn’t happen. Under the Health Information Technology for Economic and Clinical Health Act's breach notification rule, which went into effect last September, breaches affecting more than 500 individuals must be reported to the Department of Health and Human Services' Office for Civil Rights and the news media as well as the individuals affected within 60 days. It’s definitely a list you don’t want to be on.

Get Informed & Get Secure with XYPRO
For more than 25 years, XYPRO has been helping businesses, including healthcare organizations secure their mission-critical systems and information. We help ensure that our customers never make lists like the ones mentioned above. You can learn more about how we do it from our webinar archive at www.xypro.com/webinars.

No comments:

Post a Comment