Healthcare Accounted For Almost Half Of 2014 Client Breaches

By Christine Kern

Health IT Outcomes

Originally published March 12, 2015

A Kroll study has found the healthcare industry accounted for 49 percent of the company’s “client events” during 2014, followed by business services (retail, insurance, and financial services) at 26 percent, and higher education at 11 percent. The study further found malicious intent breach events increased while those caused by human error declined.

The entire article is here.

Healthcare Industry Still Struggling with Information Breaches

By Carlton Purvis

www.securitymanagement.com

The healthcare industry experiences more data breaches than any other industry, according to Privacy Rights Clearinghouse (PRC) data.

PRC maintains a database of privacy breaches from 2005 to the present. When available, the database includes what type of information was breached, how many records were affected, the organization that was storing the data, the types of records accessed, and a narrative of the circumstances surrounding the breach.

In 2011, 170 of 481 publicly disclosed breaches happened in the medical industry. Most of the breaches (50 breaches containing at least four million records) happened after portable data devices went missing. In several cases, the information was on laptops and flash drives that had been stolen or lost.

The entire story is here.

Wellpoint Reaches Settlement on Data Loss

From InfoSecurity.com

WellPoint has reached a preliminary settlement in a class-action lawsuit filed in California Superior Court for the potential exposure of data belonging to more than 600,000 health insurance applicants on a company-run website.

Under the settlement, WellPoint agreed to offer credit monitoring services for two years to all affected individuals, according to a report by amednews.com.

The company agreed to reimburse affected individuals up to $50,000 for any identity theft losses; individuals have until May 31, 2016, to file an identity theft loss claim. The company also agreed to donate a total of $250,000 to two nonprofit organizations whose efforts are directed at protecting consumers' privacy on the Internet, according to the report.

The situation came to light when an applicant to WellPoint-owned Anthem Blue Cross of California sued the company in March 2010, according to a report by amednews.com. The applicant said he was able to manipulate the web address within the site and gain access to other applicants’ information, including names, addresses, dates of birth, social security numbers, and health and financial information.

When the class-action lawsuit was filed, the company said an upgrade to its system caused the information to be exposed. A third-party vendor had said that security measures were in place, when if fact they were not.

A hearing is scheduled for November at which time the court will decide whether to approve the settlement, the report noted.

Last month, WellPoint agreed to pay $100,000 in fines for delaying notification to 32,000 Indiana customers affected by a possible data breach in a settlement with the Indiana Attorney General.