Several Data Breaches Occurred at Calif. Health Companies This Year
Since the beginning of the year, several data breaches have occurred at health care companies in California, according to records maintained by the state attorney general, the Wall Street Journal's "CIO Journal" reports.
According to "CIO Journal," observers say the breaches show that health care providers did not take basic precautions to protect patient data, such as encryption.
Details of Data Breaches
At least eight data breaches have been reported this year by medical vendors and health insurers in the state, including:
- The theft of an unencrypted laptop containing the records of 3,100 patients reported by health care technology vendor SynerMed;
- The theft of desktop computer hardware containing personal medical data reported by Walgreen's Crescent Healthcare;
- The theft of an unencrypted laptop containing information relating to patient care reported by the Lucile Packard Children's Hospital in Palo Alto; and
- The discovery of personal information -- including names, birthdates and Social Security numbers -- of 4,500 Sutter Health patients during a drug bust by police.
Implications
The California attorney general's office said that it is unclear whether the high number of data breaches correlates with the adoption of electronic health records. The implementation of stricter reporting requirements for data breaches in 2012 also could have led to the disclosure of more incidences, state officials said.
Darren McLachlan, vice president of information technology at SynerMed, said the number of breaches suggests that security protections are not keeping pace with technology reform in the health care industry. He said, "It's an adjustment phase. (The industry) still has a good five years to get to the point where we fully reap the benefits of going electronic," adding that "security is going to get much better, but there will still be that risk."
Luis Taveras, CIO of Hartford HealthCare in Connecticut, said the "silver lining" of data breaches is that "they make us more aware" of security problems (Schectman, "CIO Journal," Wall Street Journal, 6/12). This is part of the California Healthline Daily Edition, a summary of health policy coverage from major news organizations. Sign up for an email subscription.