UPDATED 22:55 EST / MARCH 14 2018

INFRA

135,000 patient records exposed in latest healthcare-related data breach

A healthcare provider in Albany, New York, is the latest to be targeted by hackers as records pertaining to 135,000 patients were potentially stolen.

The hack at the St. Peter’s Surgery & Endoscopy Center was discovered Jan. 8, and the hospital moved to take the data offline immediately. While saying in a statement that it has no evidence that any patient information was accessed or used in any way, it added that it was “unable to definitively rule that out.”

Data potentially accessed included patients’ names, dates of birth, addresses, dates of service, diagnosis codes, procedure codes, insurance information and, in some instances, Medicare information. No credit card or payment information is said to have resided on the affected server, however.

Discussing the hack, Manoj Asnani, vice president of product and design at Balbix Inc., told SiliconANGLE that the list of healthcare data breaches is too long to rehash, and the number of breaches we read about daily is likely severely understated.

“The St. Peter’s Surgery & Endoscopy Center breach is just another tick mark for healthcare breach stat book and there will be hundreds more before the year is over,” Asnani said. “Ultimately, the tried and not-so-true approaches to security in the health sector – compliance standards such as PCI DSS included – are Band-Aids at best and are flat-out ineffective against employee negligence or persistent attacks.”

Asnani explained that organizations such as St. Peter’s need to focus on their most sensitive information and assets as for hackers, that data is their No. 1 goal.

“In every organization we have walked into, not one could identify where 100% of their most business-critical assets were – whether that’s a server containing sensitive data or the devices and applications key admin were using to update and patch systems,” Asnani added. “This level of awareness and visibility is what increasingly challenges organizations and often lands them on lists such as the U.S. Department of Health and Human Services Office for Civil Rights Breach Portal.”

Mike Schuricht, vice president of product management at Bitglass Inc., said that despite healthcare data breaches hitting a four-year low in 2017, that number may increase this year.

“Through the first two months of 2018, the number of reported breached records has increased 377 percent compared to the same period in 2017,” Schuricht said. “While the St. Peter’s breach registers just behind the OSU Center for Health Sciences data breach as the second-largest reported healthcare data breach this year, the increase in breached records does not account for any large-scale leaks.”

Schuricht was somewhat positive, noting that recently organizations have been doing a better job in putting mechanisms in place to limit the number of lost records and individuals affected.

“Widely deployed solutions like behavior analytics and proactive security measures like encryption and content redaction are all effective means of mitigating breach risk,” Schuricht added. “And yet, there is always room for healthcare organizations to improve, especially at the regional level where security budgets and resources struggle to keep pace with the evolving threat landscape.”

Photo: Google Maps

Since you’re here …

Show your support for our mission with our one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant enterprise and emerging technology content to you. Thanks!

Support our mission:    >>>>>>  SUBSCRIBE NOW >>>>>>  to our YouTube channel.

… We’d also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.

If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.