We don’t have any hard numbers, but the feeling amongst our analysts is that accidental breach of PHI is likely by far the most common type. Accidental breach, you say? Just what is that?
An accidental breach should not be confused with a negligent or breach, although the lines indeed blur. For instance, throwing a printout of a patient’s lab order in the trash instead of shredding it would be a negligent breach, even though the person who did so might say “It was an accident!”
I was recently a speaker for a dental study club. The topic of my talk was “How they Hack” where we followed the path often used by hackers and criminals that results in a breach. After my time was done, the next portion of the study club was an overview of a case that several of the attending Dentists and Orthodontists had worked on together.
A PowerPoint ensued and many of the slides contained PHI! Had the study club been a completely closed session with only Dental Professionals, this would not have been an issue at all; however, there were both vendors and food service staff present in the room! This was technically an accidental breach.
Things like this will happen, and no regulation, policy, nor procedure will stop them 100%. So what can we do as both healthcare and technology specialists? Learn from our mistakes and ask questions. In particular, if there is any doubt, get a second opinion and set of eyes on any situation that involves or has the potential to involve patient data. Also, don’t sweat the “Little Stuff”; technology and security changes in the coming year will give us all plenty of “Big Stuff” to worry about.
For those that have been through our training or heard me speak to one of their organizations, you know I touch on the subject of Network Connected Devices. These devices are already in many practices and have been for some time. If you remember a few years ago Vice President Dick Cheney had minor surgery […]
Unless you have been living under a rock, or have gone Amish, Ransomware should not only be part of your vocabulary but should be part of your drea…er…nightmares. In fact, if you are a practice owner or manager, you should have Plutophobia.
Security Awareness Training can decrease the risk of data loss. It is impossible to be 100% secure. However, it is possible to minimize that risk. If you do not provide your employees with security awareness training, it really does not matter how secure you think your network and digital equipment are. The chances of you […]
Ransomware, that dreaded and feared sub-species of malware we all loathe. It’s been around a while now, and the days of single machine encryption and single Bitcoin payments are over. Yes, like some living, breathing and toothy beast, Ransomware has evolved.
Criminals’ dishonesty is showing. Here is a specific instance: a Kansas cardiology facility has been hit with Ransomware. After paying the ransom, the criminals involved said ummm…send us more money. For the original article, click HERE. Excerpt from the original article below. “According to the report, hackers got access to the system and locked up the […]
The number and severity of ransomware attacks have been increasing. Companies and individuals who have been paying the ransoms have enabled the criminals that create these malicious programs to ramp up development and make the attacks more sophisticated.
Risk Will Always Be There
While it is impossible to completely eliminate the risk of getting a […]
Phishing scams are getting much worse and much more sophisticated. If you have not heard of Phishing scams, here is the brief summary of what they are. Phishing scams are an attempt by a malicious party to try and gain access to personal data from you to use at a later time. For an […]
Nearly every practice that we have performed a Meaningful Use Risk Assessment for this year has had a frequently overlooked but common security issue. This vulnerability is so common sense, yet overlooked, and has the potential to cost the practice hundreds of thousands of dollars, not to mention complete loss of confidence by patients.
If you are like most in the health-care industry, you might have asked yourself at one time or another, “What would hackers or information thieves want that we have in our systems?” After all, you are not a bank or credit card company with tons of financial information, or are you? They want your health […]