Yet another breach incident puts the health information of 168,500 individuals at risk. According to a public notice, Sutherland Healthcare Solutions, a third-party billing vendor, reported the theft of several unencrypted company computers on the 5th of February. The computers were stolen from the Los Angeles County public health and health services departments. Following this report, breach notification letters are being sent to all affected individuals.
Officials have confirmed that the stolen computers contained sensitive data including Social Security Numbers, billing information, demographic data, dates of birth and other protected health information such as medical diagnoses.
In a statement on March 6th, Karen J. Pugh, Vice President and Head of Healthcare Compliance at Sutherland Global Services, said that the organization regrets the inconvenience caused and is reviewing policies and procedures concerning information security, while also providing additional training to the workforce.
Since the compromised information includes Social Security Numbers, Sutherland is offering credit monitoring services to the patients involved.
Encryption: The Key Security Mantra
Time and again, the Department of Health and Human Services’ Office for Civil Rights has emphasized the importance of encrypting data to protect patient information. Even in the past month, Susan McAndrew, Deputy Director for Health Information Privacy at OCR, reinforced the importance of encryption while speaking at HIMSS14, where she particularly emphasized the need to encrypt each and every device that leaves the office. However, breach incidents like this one continue to occur, revealing that several healthcare entities and their business associates are yet to take the need for encryption seriously.
It is worth noting that theft currently accounts for a major share of HIPAA privacy and security breaches, representing 48 percent of all breaches reported. To date, covered entities and business associates have settled $18.6 million in penalties for HIPAA violations, of which $3.7 million was settled last year alone. And these numbers do not include the state and private legal settlements.
The disturbing fact is that the protected health information of about 30 million individuals has been compromised due to HIPAA privacy and security breaches to date. And this number only seems to be growing. With HIPAA audits all set to begin this year, healthcare providers and their business associates have to take serious steps to protect health information. Comprehensive security solutions such as Aegify Security Posture Management and Aegify SecureGRC can ensure data encryption and periodic risk assessments, and help them steer clear of security incidents.