On May 31, 2018, San Francisco-based Dignity Health reported a data breach affecting almost 56,000 patients to the Department of Health and Human Services (HHS). This was the third-largest data breach reported in May.
Cause of breach
Due to an email sorting error by Dignity’s scheduling vendor, Healthgrades, it sent patients misaddressed emails that contained the wrong patient’s name and, in some instances, their physician’s name.
Other breaches at Dignity Health
On May 10, three of Dignity Health’s Nevada-based hospitals reported that they shared information on more than 6,000 patients with a third-party contractor whose contract had already ended.
Dignity Health’s Arizona based-hospital, St. Joseph’s Hospital and Medical Center, identified that an employee viewed 229 patient medical records “without a business reason to do so”. Those records included demographic information – including name and date of birth – and clinical data, such as nurses’ or doctors’ notes and diagnostic information.
Protect yourself against data breaches with ISO 27001
To protect medical centers and other organizations from data breaches, IT Governance USA offers the free green paper
The international information security standard ISO 27001 sets out the requirements for implementing a best-practice information security management system (ISMS). An ISMS is a framework of policies and procedures to protect an organization’s information assets. As it considers people, processes, and technology, an ISO 27001-conformant ISMS covers both organizational and technical controls.
We also offer a free trial of the ISO 27001 Cybersecurity Documentation Toolkit.
This toolkit helps organizations with:
- Implementing NIST Special Publication (SP) 800-53 alongside ISO 27001 to mitigate information and security threats and data breaches
- Ensuring compliance with laws and regulations, including the New York State Department of Financial Services (NYDFS) Cybersecurity Regulation and Massachusetts 201 CMR 17.00
- Achieving ISO 27001 certification and demonstrating commitment to the security of your confidential and sensitive information