One of the most dangerous and hard-to-control factors plaguing businesses in recent years has been the threat of digital security breaches.
What is likely one of the largest stories of the past few months, one revolving around a celebrity, has sparked more concern over the subject. According to The Washington Post, when movie and television star Charlie Sheen revealed his HIV+ status, the real controversy stemmed from his claims that he had been blackmailed for upwards of $10 million by hackers who threatened to reveal this sensitive information.
Average American citizens are not at as high a risk for one of these security breaches, but more and more tech-savvy criminals are taking advantage of their ability to break into systems and scrape medical information (including mental illness diagnoses, surgical or abortion procedures performed, or even Viagra prescriptions) to use as leverage against wealthy celebrities for ransom.
While hacker attacks have predominantly focused on stealing financial information directly, a growing number aim to use this personal health information as blackmail.
One example is Rochester, NY-based health insurance company Excellus Blue Cross, which reported the theft of personal information, such as names, addresses, and Social Security numbers, as well as sensitive medical information, from over 10 million of its clients.
Coming on the heels of the Excellus Blue Cross breach, Health IT Security reports that New York Attorney General Eric T. Schneiderman reached a HIPAA settlement with the University of Rochester Medical Center (URMC) as a result of a data breach from last spring that compromised approximately 3,400 patients’ personal health information.
In this case, an employee was the culprit. Unfortunately, this is nothing new, considering that an estimated 57% of small businesses have reported staff-related cyber breaches in recent years.
It was a former URMC nurse practitioner who had, over time, left work with a list of names, addresses, and diagnoses for a total of 3,403 patients without permission.
The branch she worked in, Greater Rochester Neurology (GRN), had reported the breach to URMC, but luckily later reported having returned or deleted any of the stolen information.
The settlement will require GRN to pay a penalty of $15,000, as well as face regulations for extensive workforce training on policies and procedures related to the protection of patient health information.
“This settlement strengthens protections for patients at URMC, and it puts other health care entities on notice that my office will enforce HIPAA data breach provisions,” said Schneiderman.
From here on out, URMC will be keeping written records documenting the training process.