Dartmouth College's Center for Digital Strategies recently released a study about "Data Hemorrhages in the Health-Care Sector". The study examines the consequences of data breaches, from privacy violations to medical fraud to identity theft (financial and medical). The analysis demonstrates substantial vulnerability for the healthcare sector.
The report indicates that data breaches are coming from all sides of the healthcare sector: hospitals, physicians, laboratories, and outsourced service providers. The paper looks in particular at medical identity theft, a dangerous outcome we've discussed previously.
The report pays special attention to inadvertent data losses over peer-to-peer (P2P) networks. The analysis uncovered thousands of files containing medical information on publicly available file sharing networks. That data may have gotten there inadvertently - from malware or from a bad filesystem that had confidential files with music files.
"We found multiple files from major health-care firms that contained private employee and patient information for literally tens of thousands of individuals, including addresses, Social Security Numbers, birth dates, and treatment billing information. Disturbingly, we also found private patient information including medical diagnoses and psychiatric evaluations."
The report indicates that the risk of patient information disclosures on P2P networks is higher than if a laptop or data device is lost. The report found that tracking and stopping medical data breaches is more complex given the fragmented nature of the US healthcare system.
This report reminds us of the importance of a strong data access policy. Who can access what data and where - can data be transfered to other devices? Computrace can help in that, with our Secure Asset Tracking® telling you where your devices are and what software/hardware is installed on them. Like with other aspects of data security, choose a layered process containing the right technology, processes and policies to help protect confidential information.