Call me paranoid, but I believe that people have to be alert 24/7 about their personal data. Recently I posted a blog about how information stolen in Fort Hood, Texas about 20 soldiers led to more than 2,000 attempts to use their identities to make money. Here's a more staggering statistic: 2,284 endoscopy patients' information is missing because two data cards were lost or misplaced at the Mountain Vista Medical Center in Meza, Arizona two months ago.
People tend to think in a linear fashion. Health care workers concentrate on their patients, as they should, but they need to be trained to think of every component in their workplace as cash to be guarded. No doubt they are careful about the equipment they use insofar as they try to avoid physical damage. But, like every worker I've dealt with in offices, they don't think too much about the IT part. If there's a problem, they just call IT to fix it. In this case, the issue is the privacy of the patients' medical information (names, dates of birth, ages and genders), not their addresses, Social Security numbers and credit card information. Still, it was enough for the medical center to notify patients of the incident and to offer them the standard patch -- one year of free credit monitoring services.
Fortunately, the hospital has revised security procedures for storing compact memory cards and are retraining employees on procedures related to confidentiality and security. That said, there is reason to be concerned about other security vulnerabilities at the hospital. Hackers don't give up. Just yesterday, my wife was at a small credit union in Stamford and one of the top employees said, "You can't simply throw out papers anymore. You have to shred them." She went on to explain that if a hacker isn't successful right away, he or she will wait a few months to use the information he has. Time is on the side of the hackers.
No comments:
Post a Comment