Hospital records and data breaches, a continuing problem
September 5, 2016 |
Health records are a particularly popular target of hackers who use ransomware to extract quick payment. Hospital records are self evidently critical in patient care. Hospitals are notorious for their poor data security practices. That is a function of a culture resistant to implementing modern data security practices, a large number of staff accessing records and emails and generally poor security protocols and even worse training of staff on basic privacy training. The combintation of those factors make it relatively straightforward for hackers to plant ransomware on a targeted hospital’s server. A recent case involves Derriford Hospital which is reported in Computer hackers demanded ransom payment from Derriford Hospital. That coincides with a notice of a data breach by Burrell Behavioural Health on 2 September where a hacker accessed the email account of an employee on 6-7 July 2016. On the day before the US Department of Veterans Affairs notified patients of a breach at the Clement J Zablocki VA Medical Centre on 22 August 2016.
That coincides with the report in Hong Kong of the theft of personal information of 3,675 patients, including their identity card details, personal and details of medication taken. Of those records only 901 were encrypted. The loss occurred through the theft of a lap top which held patient data. That is a serious lapse, one which occurs all to often in the health industry. The breach is reported in the South China Morning Post as University of Hong Kong’s medicine department ‘sorry’ for patient data breach.
The article provides:
Laptop containing personal information of more than 3,600 patients believed to have been stolen; police are investigating.
[…] Hospital records and data breaches, a continuing problem […]