Don’t set yourself up to go to prison by thinking you are setting the government up to overpay you.
Podcast: Play in new window | Download
Tag: record
Cyber criminals pay far more for health data than for credit card or banking information.
Don’t set yourself up to go to prison by thinking you are setting the government up to overpay you.
Yes, that’s what they told me. My PHI would be safe because they would be entered into their system. It that’s the case, then pigs can fly.
Listen in to the story of the “safety” of PHI at Holland Eye Surgery and Laser Center, which discovered that a hacker began accessing their electronic records in 2016 and, that over time, more than 42,000 patients’ PHI was exposed.
Comment or contact me if you’d like to discuss this post.
Mark F. Weiss
Podcast: Play in new window | Download
Cyber criminals pay far more for health data than for credit card or banking information.
It’s 2:45. Do you know where your medical records are?
It’s 2:45. Do you know where your medical records are?
A week or so ago, I filled in endless new-patient paperwork. When I handed the clipboard and forms back, I noticed that other patients’ forms were spread across the counter, easy for anyone to read.
I asked about their process to assure the safety of my information. The response: “Don’t worry. In about 5 minutes it will be entered into our system so that it will be safe.”
I didn’t feel like arguing, or even pointing out the stupidity of that response. Entering data into a system has very little, in fact, nothing, to do with protecting it.
Take the recent announcement of the “safety” of PHI at Holland Eye Surgery and Laser Center. Located in Holland, MI, the center discovered that a hacker began accessing their electronic records in 2016 and that over time, more than 42,000 patients’ PHI was exposed.
How did Holland Eye ferret out the the breach?
On its own? No.
By using a red team including cyber security experts? No.
It was the hacker who contacted the clinic to announce the breach. But the question of when that contact occurred is an even better part of the story.
The hacker, called, with obvious dark humor, “Lifelock,” says that it contacted Holland on more than 30 occasions over a two year period, during which time he sold patient information on the dark web, apparently to put pressure on Holland Eye to pay a $10,000 “security fee” to help secure its patients’ data.
The practice says it was on March 19, 2018. They gave notice to the U.S. Dept. of Health & Human Services’ Office of Civil Rights on May 18, 2018.
Considering that the law requires notification of a breach within 60 days, I wonder who’s telling the truth?
Comment or contact me if you’d like to discuss this post.
Mark F. Weiss
I recently read a post on someone’s blog in which the author addressed the question of using Amazon’s Alexa in an operating room. I used to think that there was no such thing as a stupid question, but now I have to reconsider.
