![Beth Givens at Privacy Revolution session]( "Beth Givens at Privacy Revolution session")
PRC Director Beth Givens gives an insight into Medical data breaches
The San Diego-based Privacy Rights Clearinghouse has come up with a list of 2011′s six most significant data breaches.
An overview
2011 has been a bad year for Medical data breaches. According to the PRC there were a total of 535 breaches that involved 30.4 million sensitive records. When we talk about sensitive information we mean Social Security numbers, drivers license numbers, financial account information and medical data.
Top breaches
The worst hit was Health Net as nine of its data servers went missing from a Northern California data center in January. The servers had records of almost two million current and former policy holders.
Sutter Health experienced data breach when its company-issued computer was stolen from Sutter’s Medication Foundation offices. Health Data of more than 4 million patients was compromised.
Tricare Management Activity and Science Applications International Corporation – Backup tapes containing data ofto 4.9 million patients were stolen from an employee’s car.
What do regulators have to say?
Regulators feel industry and legislative mandates to protect sensitive information need a revamp. National data privacy laws are gaining importance on both the national and local levels. Regulators are looking at industries where personal information is of utmost importance. Institutes such as HIPAA in healthcare and the Gramm-Leach-Bliley Act (GLBA) in financial services. It is not only the lawmakers who are imposing mandates for data security. There are a few indutries like Payment Card Industry Data Security Standard (PCI DSS) that have come up with security regulations when it comes to storing credit card information.
The other important aspect eyed by IT professionals is cloud computing. A recent EMA survey shows that organisations that had adopted or planning to adopt cloud computing were making sure that the use of data security and privacy controls was an important aspect of Service Level Agreements (SLAs) with Cloud providers.
According to Paul Hogan, CEO of T3 “This recent legislation proposal shows the absolute crisis that the US and the world’s largest corporations and government are facing regarding data breaches and the subsequent leakage of extremely sensitive consumer and government information. Cyber attacks have been around for a long time, however due to their sensitive nature, large corporations have tried their best to keep them from being reported to the media, which would no longer be possible if this legislation passes which we believe is simply a matter of time.”
Here is Beth Givens, PRC director’s statement “This is a conservative number,” said Givens. “We generally learn about breaches that garner media attention. Unfortunately, many do not. And, because many states do not require companies to report data breaches to a central clearinghouse, data breaches occur that we never hear about. Our chronology is only a sampling.”
Hospitals can secure themselves with Alertsec
Organisations and hospitals, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.
Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Alertsec Xpress’s Check Point Full Disk Encryption is used by over 4 million users worldwide.
