Data breaches where protected health information is exposed can be costly, create an administrative burden, and may ultimately lose future business. Fortunately, implementing proper compliance processes and policies can prevent many data breaches.
Here is a list of healthcare data breaches that have been documented in Oklahoma since 2005. Hopefully, each occurrence provides a valuable lesson in the importance of proactively securing patient data.
- In April 2014, national headlines were made when Community Health Systems, a national provider of healthcare, announced a security breach of over 4 million patient names. A cyber attack hacked into CHS systems, accessing patient records, financial information, and identifying information. CHS operates 10 hospitals in the state of Oklahoma.
- 2012 Integris Health Administrative Breach: In Oklahoma City, data vulnerabilities were discovered that would allow unauthorized users access to hospital operations. Fortunately in this case, the security breach was resolved before information was taken.
- 2012 Muskogee Regional Medical Center Physical Breach: In Muskogee, reports of a binder containing flu test results for the entire calendar year went missing. This binder contained patient names, account numbers, ages, and test results.
- 2012 Preferred Skin Solutions Physical Breach: In Tulsa, a laptop with client records was stolen in an office burglary. No financial information was exposed; however, patient identities were at risk for identity theft.
- 2011 Saint Francis Broken Arrow Physical Breach: In Broken Arrow, a 7-year-old laptop that was not being used was stolen. This one computer jeopardized medical information for over 80,000 patients.
- 2010 Norman Pediatric Associates Administrative Breach: In Norman, there was a discovery that intact medical records, including patient social security numbers, were found at a local recycling center.
- 2010 University of Oklahoma-Tulsa Neurology Clinic Technical Breach: In Oklahoma City, a malware virus was found on an internal computer. Patient names, social security numbers, phone numbers, birth dates, and other information were accessed by the computer virus.
- 2010 Saint Francis Hospital Physical Breach: In Tulsa, a former employee was caught after stealing patient information in attempts to create fraudulent credit card accounts.
- 2006 McAlester Clinic and Veteran Affairs Medical Center Physical Breach: In Muskogee, three computer disks containing patient names, social security numbers, and billing information were lost in the mail.
No healthcare data breach is insignificant. Each data breach instance in Oklahoma over the past ten years varies in size. However, whether it is a national cyber security attack or a single stolen laptop, each security breach is a costly mistake. By taking the proper steps to implement compliance policies and security software, data breaches like these can be avoided.
Are you concerned about healthcare data breaches at your facility? Let us know your thoughts in the Comments box below.
To learn more about securing your healthcare data, be sure to download your free Information Technology Guide for Oklahoma City Home Health Care Organizations.