Friday
May082009
« Personal data stolen from State health agency »
Friday, May 8, 2009 at 07:33PM
Hackers broke into a Virginia State health agency taking millions of patient records containing personally identifying details and demanding $10 million ranson. Several websites and blogs have reported on the details of what happened.
What I'd like to bring to light is the challenge that state health agencies and health organizations have when it comes to securing our personal information. And the current healthcare industry view of wanting to manage the technology and data within their organizational silos. The result will be more security breaches, which will lead to personal identity theft, risk of personal loss, and lawsuits.
It is a fact of doing business in healthcare that information needs to be shared. For instance, you may talk to your family physician, be recommended to see a specialist, have a surgery, and speak to someone else for your recovery. I would think you want those professionals to easily and quickly share your medical history to make informed decisions about your health.
To help accomplish this, the latest trend is to give physicians money to purchase electronic medical record systems. This will allow them to share your information quickly and efficiently. However by putting more personal data onto computer systems increases the opportunity for hackers to find your valuable data. (It's impossible to hack a file folder of paper but the benefits of technology far outway the old paper system.)
So what to do. You may say, hospitals, clinics, and your doctor's office should just buy more software to secure your data. I'm assuming the Virginia health agency with the security breach bought security software and that didn't help them.
Providing strong, secure systems is a costly affair, one best left to specialists and data centers. And this is where the internet and what is called, cloud computing, comes in. It's why I would feel more comfortable with my personal data being stored by Google Health, Microsoft HealthVault, or Walmart's new internet EMR system.
These companies pay handsome salaries to very smart people to think about security all the time. They have the budget for the best security software and protocols. And they have a financial interest in keeping your personal information safe. One security breach could result in massive lawsuits and potential bankrupcy.
I suspect nothing will happen to the Virginia Department of Health Professionals. They will still continue to operate. They may pay consultants to patch the security hole from their latest breach. However I bet they will continue their silo-is-better mentality.
Positively, a bright light will expose today's gaps in securing your personal data within silo-focused healthcare organizations.
What I'd like to bring to light is the challenge that state health agencies and health organizations have when it comes to securing our personal information. And the current healthcare industry view of wanting to manage the technology and data within their organizational silos. The result will be more security breaches, which will lead to personal identity theft, risk of personal loss, and lawsuits.
It is a fact of doing business in healthcare that information needs to be shared. For instance, you may talk to your family physician, be recommended to see a specialist, have a surgery, and speak to someone else for your recovery. I would think you want those professionals to easily and quickly share your medical history to make informed decisions about your health.
To help accomplish this, the latest trend is to give physicians money to purchase electronic medical record systems. This will allow them to share your information quickly and efficiently. However by putting more personal data onto computer systems increases the opportunity for hackers to find your valuable data. (It's impossible to hack a file folder of paper but the benefits of technology far outway the old paper system.)
So what to do. You may say, hospitals, clinics, and your doctor's office should just buy more software to secure your data. I'm assuming the Virginia health agency with the security breach bought security software and that didn't help them.
Providing strong, secure systems is a costly affair, one best left to specialists and data centers. And this is where the internet and what is called, cloud computing, comes in. It's why I would feel more comfortable with my personal data being stored by Google Health, Microsoft HealthVault, or Walmart's new internet EMR system.
These companies pay handsome salaries to very smart people to think about security all the time. They have the budget for the best security software and protocols. And they have a financial interest in keeping your personal information safe. One security breach could result in massive lawsuits and potential bankrupcy.
I suspect nothing will happen to the Virginia Department of Health Professionals. They will still continue to operate. They may pay consultants to patch the security hole from their latest breach. However I bet they will continue their silo-is-better mentality.
Positively, a bright light will expose today's gaps in securing your personal data within silo-focused healthcare organizations.
tagged leadership, security
leadership, security
Reader Comments (1)
David asks and answers three great questions on his post about Virginia's breach (I summarize):
1. what is this country's data insecurity?
2. what preventive steps should be taken?
3. what should be communicated in event of a breach?
http://healthblawg.typepad.com/healthblawg/2009/05/the-virginia-prescription-record-security-breach-the-big-picture.html
Tom