4 Million Patient Records Stolen in Second Largest HIPAA Data Breach

September 4, 2013

Advocate Health Care marks the second largest HIPAA data breach since the breach notification rule was implemented in 2009, losing more than 4 million patient records in a theft of four unencrypted computers. The data included personally identifiable patient information as well as clinical data, including diagnoses and health insurance information.

A senior vice president from Advocate acknowledged that the sensitive data shouldn’t have been stored on the computers’ hard drives, but should instead have been maintained on its secure network. One of the remediation steps Advocate is taking is mapping its computer and software systems to identify where patient data is stored and how to secure it. This is also one of the first steps toward data encryption: classify the sensitive data, then select a proper encryption method.

One way to keep data protected on secure networks is by using SAN (storage area network) disk-level encryption that encrypts the data as it’s written to disk. With an enterprise-class private cloud, your compute, memory and disk performance is completely dedicated to your organization – no sharing of resources.

Encryption of data at rest and in transit is highly recommended to meet HIPAA standards §164.312(a)(2)(iv) and §164.306(e)(2)(ii) for encryption of electronic protected health information (ePHI), including anywhere the data is also stored or archived as backups.

If you’re a healthcare organization seeking an encrypted data and application hosting solution, ask your HIPAA cloud hosting provider whether they can provide encryption and encrypted offsite backup. Without encryption, your data may be at risk if accessed by unauthorized users, and you are subject to the HIPAA Breach Notification Rule, which requires public notification for data breaches affecting over 500 individuals.

However, encryption can’t do it all – for a layered security approach, consider enlisting other data security tools such as File Integrity Monitoring (FIM), a Web Application Firewall (WAF), Daily Log Review and other technical security services.

