According to the New York Times, patients who visited the emergency room at Stanford Hospital in 2009 had their private data leaked over the internet.
A site called Student of Fortune leaked information including their names, diagnosis codes, account numbers, admission and discharge dates, and billing charges. The information has been available for well over a year to students on that site, who can pay for tutorials that help them do their homework. It was probably leaked by Multi-Specialty Collection Services, a billing contractor for the hospital.
The leaked spreadsheet with sensitive information was posted as an answer to a question asking for help converting information into a bar graph.
Why such sensitive data was posted on a public forum without encryption, and who would do such a thing, are the questions to raise now.
Firstly, the HIPAA and HITECH Acts in the US require medical organizations to protect confidential data. These organizations outsource the data to third parties, but it can still be kept safe by simply inserting a few more clauses in the contract that require those parties to keep the data well protected.
Secondly, our laws and attitudes regarding protection of such data need adjustment. You should treat data in the same manner whether it’s inside or outside.
Confidential information should not be considered “inside” or “outside”.
If your data requires protection when you are using it inside your organization, such as while transferring it on USB flash drives, laptops and other gadgets, then you should make sure that it’s safe when it’s on your (or your partner’s) servers and databases as well.
Rather than going after whoever leaked the data and getting them fined and punished, it’s better to take precautionary measures and make sure it doesn’t happen again. Now is high time to stop taking the online and system-based security of your data for granted and to start giving firewalls, antivirus software programs and security applications serious consideration.
Stay with us to learn how to separate the least important data from the most critical, so that you can identify which data is confidential and shouldn’t get leaked. Take all the steps needed to ensure that you control that data and that it remains safe.