Healthcare data breach
Research indicates that privacy and safety violations are more common in health care than in any other industry in the U.S. In 2019, more than 41.4 million health care information records were accessed illegally after about 600 security incidents, according to the Protenus Breach Barometer. With 481 of the 572 cases having been reported, 2019 saw a significant rise over 2018, when the figure stood at 15 million (Davis, 2019).
One of the latest violations of security and privacy regulations on health information involved Medical Informatics Engineering (MIE). The U.S.-based firm, which offers medical records services, was accused of exposing about 3.5 million patient records to attackers. The attack did not involve insiders, but weaknesses in the firm's internal operations contributed heavily to its execution (Leyden, 2019). According to investigations, the attacks started as early as 2015, when the company first noted a compromise of its data via a weak user identification and password. A subsequent investigation of the matter, concluded in 2019, revealed that MIE had failed to conduct a thorough risk analysis that could have prevented the breach.
The breach of information privacy and security had massive impacts on MIE. First, its clients lost trust in the company's protection of patient information, leading to lower business. Secondly, the breach hurt the company's reputation in the community, which potentially offended its funders. The firm was also forced to part with $100,000 as a settlement of the lawsuit that ensued (Leyden, 2019). Finally, the company was compelled to lay out new strategies to improve its operations and ensure compliance with regulations. Such realignment is costly but was inevitable in MIE's case.
Once a class-action lawsuit was filed by some patients, the government, through the U.S. Department of Health and Human Services (HHS), reacted by actively supporting the cause (Leyden, 2019). The director of the Office for Civil Rights at the HHS argued that custodians of patient information must thwart the actions of hackers. According to the department, the attack was facilitated by unacceptable carelessness in managing the vulnerabilities and potential risks of the firm's systems. The government's reaction has been hailed as a positive move, as it will help improve the handling of vital records (Ishoy, 2014). Experts argue that it will help prevent the occurrence of similar events in the future.
References
Davis, J. (2019). Latest Health Data Breaches News – Page. Retrieved 3 June 2020, from https://healthitsecurity.com/topic/latest-health-data-breaches/P60
Ishoy, G. (2014). Reassessing the Purpose of Punishment: The Roles of Mercy and Victim-involvement in Criminal Proceedings. Criminal Justice Ethics, 33(1), 40-57. doi: 10.1080/0731129x.2014.903631
Leyden, J. (2019). U.S. medical records firm to settle HIPAA violations over data intrusion. Retrieved 3 June 2020, from https://portswigger.net/daily-swig/us-medical-records-firm-to-settle-hipaa-violations-over-data-intrusion