Data breaches hit hospitals in two states

In Utah, patient data privacy and security hits just keep coming
Tools

There's a good reason that CIOs rank data security among their top priorities for 2013: Stories of data breaches continue to be an almost-daily occurrence--including two recent breaches in Mississippi and Utah. 

Mobile devices, including laptops, are particularly vulnerable to loss or theft. One of the latest cases comes from the University of Mississippi Medical Center (UMMC), where a shared password-protected laptop has gone missing.

According to the facility, the device contains information on adult patients treated between 2008 and January 2013, including names, addresses, dates of birth, Social Security numbers, diagnoses and treatments. There's no indication that the information has been accessed.

In Utah, however, the breach is paper-based. Granger Medical Clinic has informed patients of a potential breach after 2,600 medical appointment records slated for shredding disappeared. The records were printed out from an electronic scheduling database, according to The Salt Lake Tribune. The records included the names, dates and times of appointments and the reason for the medical visit, but no addresses, birth dates, medical claim information, Social Security numbers or financial information.

When it comes to health data breaches and hack attacks, the state of Utah can't seem to catch a break. As FierceHealthIT reported earlier this year, a employee at an outside contractor for the Utah Department of Health lost an unencrypted USB memory stick containing personal information for 6,000 Medicaid clients.

Last fall, hackers infiltrated the Utah Heath Exchange web portal, rendering it essentially useless for a week.  And last March, Eastern European hackers gained access to healthcare information for nearly 780,000 Utah Medicaid patients.

U.S. Department of Health & Human Services Office of Inspector General officials, writing recently in the New England Journal of Medicine, urged healthcare organizations to adopt best practices to ensure data privacy and security, such as erasing hard drives of rented photocopiers. Sounds like good advice should someone in the office decide to print out reams of scheduling data--although a better practice would be not to print it out in the first place.

To learn more:
- find the UMMC announcement
- here's the Salt Lake Tribune article

Related Articles:
New year, same old health data breaches 
Adopting best practices key to data security, HHS officials say
Data security, infrastructure upgrades among top CIO priorities for 2013
Lost USB drive compromises info for Medicaid recipients
Officials downplay insurance exchange hack
Health department breach impacts 24K Medicaid patients
4 health privacy threats that will freak you out