During 2014, healthcare organizations of all sizes, small and large, kept falling victim to cybercrime. Some of these crimes were minor while others were major. The organizations lost confidential patient information. Sadly, protected patient information was exposed time after time in a number of ways.
Here are the 5 major HIPAA breaches of 2014, which show how individuals' information was affected.
- Between April and June 2014, hackers broke into the patient portal of Community Health Systems using malware and gained access to the personal information of 4.5 million patients. This was one of the largest hospital providers in the country.
- The Texas Health and Human Services Commission, after terminating its Medicaid contract with Xerox, identified that its vendor did not return the paper. Hence, the EHR data of 2 million Medicaid patients throughout the state was compromised.
- A group of hackers breached an agency server of the Department of Public Health and Human Services in Montana. The breach continued for a year starting in July 2013 and resulted in the loss of data belonging to 1.3 million people.
- Thieves stole 8 encrypted computers in Los Angeles County from a billing vendor called Sutherland Healthcare Solutions. This resulted in the loss of the PHI of about 340,000 individuals.
- A network server folder at Tennessee-based Touchstone Medical Imaging exposed the PHI of about 307,000 patients and made it openly available online to everyone.
Reports of data breaches increased in 2014, and some say it was all because of the HIPAA Omnibus Rule. This rule took effect in September, holding business associates accountable for violating the security rules and HIPAA privacy laws.
Business associates were well aware that this change had to be introduced. The director at the Office for Civil Rights said that they had been working on the change for a long time and were clear with business associates that, as per the regulations, they would become directly accountable for any breaches. Hence, they were expected to take the necessary steps to amend their privacy policies, practices and procedures to comply with the new obligations.
A New York-based attorney, Ted Kobus, who works on cases related to security and privacy breaches, said that business associates were lagging in terms of complying with the obligations. They are not as prepared as they are expected to be. They ask for assistance with compliance, they ask questions about technologies such as cloud computing, and they have general compliance issues as well.
Over 30-70% of security breaches involve vendors. This adds more pressure on the government to make business associates liable for their acts and to force them to keep up with enforcement.
It is predicted that in the coming days Android phone malware will also increase, and that this malware might even start affecting iPhones. So even data on smartphones is vulnerable to security breaches.