Data Breach

Firm offers data breach insurance

Anne Zieger — Sun, 17 Aug 2008 08:02:29 -0400

A unit of hospital purchasing alliance Premier Inc. has begun offering insurance designed to protect members against the cost of data breaches. We're guessing that HIT leaders and their colleagues are starting to realize just how expensive a malicious data breach can be. Those numbers are extremely steep--in fact, most incidents are estimated to cost nearly $200 per record and $6.3 million per incident. To address these concerns, the Premier unit's Premier Insurance Management Services of Charlotte, N.C., is offering data privacy and network risk liability insurance to members. It's working in partnership with Media/Professional Insurance of Kansas City, MO.

The insurance covers a bundle of "soft" costs relating from the breach, including expenses, fines and penalties arising from government and regulatory investigations into how the hospitals managed personal data. It also covers crisis management, public relations and customer notification. Policyholders also get access to data security risk management and planning help, consultation, and educational assistance from law firm Sonnenschein, Nath & Roshenthal LLP.

To learn more about this insurance:
- read this Health Data Management article

Related Articles:
U.S. hospitals have security 'blind spot'
More hospital data security breaches
Johns Hopkins loses patient, employee data
IT staffer fired after data theft, sues hospital

HHS awards contract for medical identity fraud study

Anne Zieger — Sat, 14 Jun 2008 16:18:17 -0400

HHS's Office of the National Coordinator for Health Information Technology has awarded a $450,000 contract to Booz Allen Hamilton to scope out the size of the medical identity theft problem in the U.S. ONCHIT defines medical identity theft as when a person's identifiable health information is improperly used by another part to obtain medical goods or services, or to submit false medical services claims. To date, note ONCHIT officials, no one is quite sure how widespread the problem is, but it seems likely that it's extensive--and anecdotal evidence suggests that the problem is growing. To address this issue, Booz Allen will assess the scope of the problem, hold a meeting to discuss how to fix it, then produce a report on how to proceed.

To find out more about this issue:
- read this iHealthBeat article

Related Articles:
The growing problem of medical identity theft
Trend: Identity thieves get better at stealing medical records
NY hospital worker charged with massive file theft
California expands health data breach rules

UnitedHealthcare breach leads to UC Irvine identity thefts

Mon, 09 Jun 2008 06:59:58 -0400

After months of investigation, it looks like a data breach at health plan UnitedHealthcare Services may be behind a large-scale rash of identity theft taking place at the University of California, Irvine. As of last week, it appeared that more than 155 graduate and medical students at UC Irvine had been hit by the identity thieves, who filed false tax returns in the victim's names and collected their tax refunds. The breach could potentially affect 1,132 graduate students enrolled with the university's graduate student health insurance program in the 2006-07 school year, officials said. The IRS notes that identity thieves have been particularly aggressive this year, as they may be able to collect not only refunds, but also the pending stimulus checks being handed out to families and individuals.

To learn more about the break-in:
- read this Computeworld piece

Related Articles:
Trend: Identity thieves get better at stealing medical records
The growing problem of medical identity theft
NY hospital worker charges with massive file theft
California expands health data breach rules

U of Miami loses data on 2.1 million patients

Mon, 28 Apr 2008 06:59:58 -0400

While they contend that the data is unreadable--and therefore poses no risks--officials with the University of Miami School of Medicine have gone public with the news that someone stole back-up tapes holding health and financial information on about 2.1 million patients. The data, which contains information on patients going back through 1999, was stolen from a storage company contracted to hold the records. The data includes names, addresses, Social Security numbers and, in some cases, health and financial information. The university plans to directly notify 47,000 patients whose data could have included credit card or other payment information.

However, officials say that since the data is stored in a "complex and proprietary format," the thieves won't be able to access it. According to an analysis by computer security consulting firm Terremark Worldwide, which analyzed a similar set of back-up tapes, the nature of how the data was compressed and encoded should make it extremely difficult for thieves to access it.

To find out more about U of M's data theft problem:
- read this Florida Healthflash item

Related Articles:
NHI security breach includes data on U.S. rep
California expands health data breach rules
Johns Hopkins investigates data breach
VA pledges better data security

NIH security breach includes data on U.S. Rep

Mon, 07 Apr 2008 06:59:58 -0400

Now this must be a little embarrassing for officials at NIH. As it turns out, Rep. Joe Barton (R-TX) was one of 3,000 patients involved in a cardiac MRI study whose records were possibly lost when a laptop computer was stolen from the agency. Not only is the loss of records on a U.S. Representative a faux pas, Barton happens to be a founder of the Congressional Privacy Caucus, which focuses on educating other Congressional offices and staff members on individual privacy issues. Though the laptop was stolen in February, Barton learned of the breach a couple of weeks ago, and didn't know his data might be involved until late March. Now Barton and colleagues are asking HHS's Inspector General to investigate why the data wasn't encrypted on the laptop, and why the agency didn't notify people sooner of the breach.

To learn more about the data theft:
- read this Modern Healthcare piece (reg. req.)

Related Articles:
California expands health data breach rules. Report
Johns Hopkins investigates data breach. Report
Massive data loss at HCA. Article
Allina suffers patient data theft. Report
VA pledges better data security. Report

UCLA staff accused of viewing Britney Spears' records

Mon, 24 Mar 2008 07:59:56 -0400

In what is unfortunately an all-too-predictable episode, UCLA Medical Center executives have said that they're investigating 13 staff members who seem to have accessed Britney Spears' medical records without authorization. The staff members are accused of viewing her non-medical records during her psychiatric stay in January. The Los Angeles Times reported that none of the staff members involved in the incident were physicians, but that they would be fired and that 12 others--including some doctors--would be disciplined. This incident follows on another, taking place in mid-2007, when two dozen employees at a New Jersey hospital were suspended without pay after viewing the medical records of actor George Clooney without authorization.

To learn more about the episode:
- read this article from Healthcare IT News

Related Articles:
Union fights suspensions for workers viewing star's records. Report
California expands health data breach rules. Report
Johns Hopkins investigates data breach. Report
Massive data loss at HCA. Article
Allina suffers patient data theft. Report
VA pledges better data security. Report

UCLA staff accused of viewing Britney Spears' records

Mon, 24 Mar 2008 07:59:56 -0400