Pennsylvania healthcare system offers public notice of recent security incident.
Penn Highlands Brookville has confirmed a “data security incident” involving approximately 4,500 patients of Barry J. Snyder, MD, according to a PHIprivacy press release. Penn Highlands Brookville is one of the four hospitals that comprise Penn Highlands Healthcare in Dubois, PA.
On August 14, 2014, the healthcare provider discovered a computer server containing Dr. Barry J. Snyder’s patient information had been compromised by a third party intruder who potentially accessed the server holding the data. The breach was experienced by a third party vendor located in Ohio that had been contracted to maintain records for Dr. Snyder.
Information that may have been affected included names, addresses, birthdates, driver’s license numbers, Social Security numbers, phone numbers, insurance information , medical information, and gender. While it is not certain that the compromise of any data actually occurred, Penn Highlands Brookville notified affected patients and encouraged them to take appropriate steps to protect their identify.
In the wake of the possible breach, Penn Highlands instructed the third party vendor to remove the patient data from the affected server, and all of Dr. Snyder’s patient information has been moved to a secure server. Such instances again raise issues of cyber security and off-premise storage and maintenance of patient data, which is closely regulated by HIPAA guidelines.
As a ClearDATA white paper asserts, “According to the Identity Theft Resource Center, healthcare data breaches accounted for 44 percent of all breaches in 2013 – the first time the healthcare sector topped this list. Perhaps the main reason for such a large proportion is because personal health information (PHI) is worth roughly 50 times more than credit card or Social Security numbers.”
Health data breaches are now estimated to cost $5.6 billion a year, and RedSpin reports personal data breaches soared by 138 percent in 2013. As data breaches mount, it is becoming increasingly clear data security is paramount to healthcare IT responsibilities. One solution, some suggest, is encryption of data, particularly data held on the cloud.