Dive Brief:
- Clay County Hospital recently experienced a data breach involving an anonymous email sent Nov. 2 "that contained protected health information of some clinic patients," the Flora, IL-based organization said in a statement. "The e-mail sender threatened to release this information to the public if they did not receive a substantial payment from the hospital."
- According to the hospital, the compromised data was limited to patients who visited one of the organization's clinics on or before February 2012 and the only exposed information included name, physical address, social security numbers and date of birth. "No medical information was accessed or disclosed," said the organization. "Extensive reviews from outside forensic experts concluded that Clay County Hospital servers have not been hacked and remain secure due to the rigorous security program that meets the standards set by the HIPAA HITECH Act."
- Clay County Hospital said it would beef up its internal security measures, which include additional logging systems and auditing features to track and control data access.
Dive Insight:
Sometimes, no matter what an organization does to prevent a data breach—and there is nothing that is 100% guaranteed—the hackers and identity thieves sneak in and compromise patient privacy. Plus, how to respond to being blackmailed by criminals probably wasn't in the hospital's breach protocol. Fortunately, in this case, actual patient health information wasn't compromised (though the organization still faces penalties for the data breach).
Data breaches cost the healthcare industry more than $6 billion each year.
"Remember that PHI is a gold mine for hackers selling this data on the black market," security and privacy expert Adam Levin, the chairman and founder of IDT911, recently told Healthcare Dive. "Healthcare organizations should have strong security protocols in place."