According to a news story reported by U-T San Diego, personal information including names, dates of birth, diagnoses, treatments and insurance information of nearly 5,000 patients was stolen last month from Palomar Health. The data included 36 Medicare identification numbers. While the stolen data included no specific medical records or financial information, personal information was exposed. It is believed that someone swiped a company laptop and two flash drives from an employee's car.
The Role of Mobile Devices
A primary reason for the increase in data breaches is the excessive use of smartphones as well as the increasing number of employees who take office laptops and tablets home. While access to these devices is considered to have a positive impact on productivity, it can also be risky, especially in cases when the data are not encrypted.
However, all blame cannot be placed on devices that are taken home since the same devices can be (and have been) stolen from offices as well. In fact, a data breach at Santa Rosa Memorial Hospital affected nearly 33,000 patients. Data were stolen when a computer thumb drive with information on patients' X-rays went missing from an outpatient imaging centre.
Apparently, the drive had gone missing from the locker of a staff member who had backed up these records on the drive with the intention of migrating the data to Santa Rosa Memorial's electronic medical records system. Comprehensive information was stolen including first and last names, gender, medical record numbers, dates of birth, dates and times of service, area of the body images, names of the X-ray technologists and radiation levels required to produce the X-ray.
These recent breaches indicate that unencrypted flash drives and data sticks are too risky, especially in a hospital/medical setting, because data generally contain personal and confidential patient information. It would be a much safer practice to store such confidential data in secured clouds where it can be accessed by authorized devices only. Data should be encrypted and access controls strictly enforced. This can go a long way in ensuring data are safe whether the device is at the office or at an employee's home. Not only will employees enjoy the benefit of having access to important data 24 hours a day, but the safety and security of these data would also be ensured.
Image Credit: Globalnews.ca