On May 23, Boys Town National Research Hospital in Omaha, NE, noticed unusual activity in an employee email account. Its investigation concluded that an unknown individual had access. It was determined that all personally identifiable information was accessible, including name, date of birth, Social Security number, medical records, insurance details, banking or financial account numbers, and passport and driving licence numbers.
As a result, the hospital notified employees and current and former patients. A hotline was set up, and potentially affected individuals were offered access to a year’s worth of free identity protection services.
Rise in hospital breaches
Sadly, hospital breaches are on the rise and becoming too common. According to a seven-year study released in February 2018 by Meghan Hufstader Gabriel, Ph.D., assistant professor in the Department of Health Management and Informatics at the University of Central Florida, an estimated 16 million U.S. patient records were stolen during 2016.
Other findings include:
- 215 breaches affecting 500 or more people took place in 185 nonfederal acute care hospitals; 30 hospitals had more than one breach, and one hospital had four breaches
- Teaching hospitals and pediatric hospitals were more likely to experience breaches
- Larger hospitals (more than 400 beds) were more likely to have breaches than small (fewer than 100 beds) or medium hospitals (100 to 399 beds)
- Investor-owned hospitals (for-profit) were less likely to have a data breach
IT Governance USA can help hospitals address the situation
We know patient care is tops for hospitals, but they must also invest care in protecting their data. They could implement an ISMS (information security management system) conformant with ISO 27001, the international standard that describes best practice for an ISMS, to safeguard their sensitive data, help avoid financial penalties related to a data breach, and improve their ability to tender for contracts where ISO 27001 is a requirement. To get started, they should download IT Governance USA’s ISO 27001 data sheet at no cost.
It will help them discover:
- How ISO 27001 can improve information security
- The benefits of achieving certification
- How the standard works
- What to consider when tackling the standard
- How to overcome the initial barriers of implementation
IT Governance USA’s implementation bundles are designed to meet the unique needs of any organization. These affordable bundles can help hospitals achieve ISO 27001 compliance.