Email
Password
Remember meForgot password?
    Log in with Twitter

article imageErnest Health suffers data breach of patient records Special

By Tim Sandle     Apr 11, 2019 in Health
An undisclosed number of patients at the Rehabilitation Hospital of Northwest Ohio, owned by Ernest Health, had their personal data compromised. A data security expert provides an assessment.
The data breach occurred after a third-party gained unauthorized access to employee email accounts. The compromised information includes names, Social Security numbers, driver’s license information, dates of birth, health insurance and patient care information.
Anurag Kahol, CTO and co-founder of Bitglass explains to Digital Journal what the implications of the data breach area. Bitglass is a cloud access security broker (CASB) and just recently announced $70 million in Series D funding.
According to Kahol, the data is in itself significant: “Regulated under HIPAA, protected health information (PHI) is one of the most sensitive categories of data. While consumer payment information will periodically be updated or cancelled, PHI has a longer shelf life and can be used in several ways, making it an exceptionally attractive target for hackers."
As an example, Kahol notes: "When someone’s Social Security number is compromised, malicious third parties can use it to open financial accounts, get medical care, file a false tax refund, steal the individual’s unemployment or Social Security benefits, and much more."
Kahol places the data breach in context with other cybersecurity issues: "Unauthorized access and disclosure were among the leading causes of data breaches in healthcare in 2018; they were responsible for 35.9 percent of breaches, just behind hacking and IT incidents (45.9 percent). As such, healthcare organizations, must employ the appropriate technologies and cybersecurity best practices if they are to secure patient data within their IT systems."
Kahol reiterates the importance of maintaining security: "Stated simply, it is critical to maintain visibility and control wherever data goes. Fortunately, cloud access security brokers allow organizations to enforce real-time access control, encrypt sensitive data at rest in the cloud, control the sharing of data with external parties, prevent data leakage, and adhere to compliance frameworks such as HIPAA. There are many capabilities available to healthcare organizations that want to improve their security postures.”
More about Ernest Health, Data privacy, data security
More news from
Latest News
Top News