135,000 patient records exposed in latest healthcare-related data breach
A healthcare provider in Albany, New York, is the latest to be targeted by hackers as records pertaining to 135,000 patients were potentially stolen.
The hack at the St. Peter’s Surgery & Endoscopy Center was discovered Jan. 8, and the hospital moved to take the data offline immediately. While saying in a statement that it has no evidence that any patient information was accessed or used in any way, it added that it was “unable to definitively rule that out.”
Data potentially accessed included patients’ names, dates of birth, addresses, dates of service, diagnosis codes, procedure codes, insurance information and, in some instances, Medicare information. No credit card or payment information is said to have resided on the affected server, however.
Discussing the hack, Manoj Asnani, vice president of product and design at Balbix Inc., told SiliconANGLE that the list of healthcare data breaches is too long to rehash, and the number of breaches we read about daily is likely severely understated.
“The St. Peter’s Surgery & Endoscopy Center breach is just another tick mark for healthcare breach stat book and there will be hundreds more before the year is over,” Asnani said. “Ultimately, the tried and not-so-true approaches to security in the health sector – compliance standards such as PCI DSS included – are Band-Aids at best and are flat-out ineffective against employee negligence or persistent attacks.”
Asnani explained that organizations such as St. Peter’s need to focus on their most sensitive information and assets as for hackers, that data is their No. 1 goal.
“In every organization we have walked into, not one could identify where 100% of their most business-critical assets were – whether that’s a server containing sensitive data or the devices and applications key admin were using to update and patch systems,” Asnani added. “This level of awareness and visibility is what increasingly challenges organizations and often lands them on lists such as the U.S. Department of Health and Human Services Office for Civil Rights Breach Portal.”
Mike Schuricht, vice president of product management at Bitglass Inc., said that despite healthcare data breaches hitting a four-year low in 2017, that number may increase this year.
“Through the first two months of 2018, the number of reported breached records has increased 377 percent compared to the same period in 2017,” Schuricht said. “While the St. Peter’s breach registers just behind the OSU Center for Health Sciences data breach as the second-largest reported healthcare data breach this year, the increase in breached records does not account for any large-scale leaks.”
Schuricht was somewhat positive, noting that recently organizations have been doing a better job in putting mechanisms in place to limit the number of lost records and individuals affected.
“Widely deployed solutions like behavior analytics and proactive security measures like encryption and content redaction are all effective means of mitigating breach risk,” Schuricht added. “And yet, there is always room for healthcare organizations to improve, especially at the regional level where security budgets and resources struggle to keep pace with the evolving threat landscape.”
Photo: Google Maps
A message from John Furrier, co-founder of SiliconANGLE:
Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.
We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.