• Home
• Topics
  • Business and Finance
  • Chronic Disease Care
  • Consumer Information
  • Data Standards
  • EHRs and PHRs
  • Global Health
  • Health Plans
  • Hospitals
  • Meaningful Use
  • Mobile Health
  • ONC
  • Patient Safety
  • Physician Practices
  • Policy
  • Privacy and Security
  • Public Health
  • Telehealth
• Perspectives
  • Current Perspectives
  • Perspectives Archive
• Features
  • Current Feature
  • Features Archive
• Data Points
  • Current Data Point
  • Data Point Archive
• Special Reports
• Most Popular
  • Most Viewed
  • Most Emailed
  • Most Commented

EVENTS

View All Events

FROM THE FOUNDATION

Informing Choices, Improving Outcomes

The California Joint Replacement Registry collects data on device efficacy, surgical techniques, and patient outcomes for hip and knee replacements. A new report details how this CHCF-sponsored effort is faring.

Most hackers who infiltrate health IT systems are seeking financial data, not medical information, according to a new report by Verizon Communications, InformationWeek reports (Versel, InformationWeek, 10/24).

Report Details

For the 2012 Verizon Data Breach Investigations Report, researchers analyzed 855 data breaches involving more than 174 million records from the health care, financial services, retail and hospitality industries (Irving, PhysBizTech, 10/24).

In the health care and social services sectors, researchers examined 60 confirmed data breaches that occurred during the past two years. They focused on incidents that involved hacking or the introduction of malware. The report did not examine breaches that involved the loss or theft of portable electronic devices (InformationWeek, 10/24).

Health Care-Related Findings

Most of the analyzed health care data breaches affected organizations with between one and 100 employees, most of which were outpatient facilities like medical and dental practices.

Researchers found that such breaches are "almost entirely the work of financially motivated organized criminal groups, which typically attack smaller, low-risk targets to obtain personal and payment data for various fraud schemes" (PhysBizTech, 10/24).

The report noted that the most common health care data breach scenarios involve hackers:

• Looking online for low-risk targets; and
• Infiltrating systems and planting malware to extract data quickly (Hall, FierceHealthIT, 10/24).

In addition, researchers found that about two-thirds of data breaches continue for months before businesses detect them and that most organizations are unaware of the breach until they are notified by law enforcement officials or credit card companies (PhysBizTech, 10/24).

Recommendations

The report recommended that health care providers:

• Ensure that their credit and debit card readers -- also knows as point-of-sale terminals -- are Payment Card Industry Data Security Standard compliant;
• Change passwords on point-of-sale terminals;
• Implement a firewall or access control list on all remote access and administration services; and
• Encrypt user devices and media that contain medical and personal records (FierceHealthIT, 10/24).

• Print
• Email
• Share
  • Facebook
  • Twitter
  • Google+
  • LinkedIn
  • Digg

RELATED STORIES

10/23/2012

Former Hospital Worker Pleads Guilty to Stealing Patient Information

10/22/2012

Most VA Computers Unencrypted, Despite Mandate, Report Finds

10/18/2012

Hospital Medical Devices Could Be Vulnerable to Malware, Experts Say

09/28/2012

GAO: Medical Devices Vulnerable to Hacking, Oversight Needed

MOST POPULAR ARTICLES

• 
• 
•