SoylentNews is people

posted by mrpg on Wednesday November 21 2018, @04:37AM
from the color-me-hacked dept.

Submitted via IRC for SoyCow1984

Health care providers – not hackers – leak more of your data

Your personal identity may fall at the mercy of sophisticated hackers on many websites, but when it comes to health data breaches, hospitals, doctors' offices and even insurance companies are oftentimes the culprits.

New research from Michigan State University and Johns Hopkins University found that more than half of the recent personal health information, or PHI, data breaches were because of internal issues with medical providers – not because of hackers or external parties.

“There’s no perfect way to store information, but more than half of the cases we reviewed were not triggered by external factors – but rather by internal negligence,” said John (Xuefeng) Jiang, lead author and associate professor of accounting and information systems at MSU’s Eli Broad College of Business.

The research, published in JAMA Internal Medicine, follows the joint 2017 study that showed the magnitude of hospital data breaches in the United States. The research revealed nearly 1,800 occurrences of large data breaches in patient information over seven years, with 33 hospitals experiencing more than one substantial breach.



The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by MichaelDavidCrawford on Wednesday November 21 2018, @05:54AM

    by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Wednesday November 21 2018, @05:54AM (#764605) Homepage Journal

    As well as those of every other client of my mental health clinic:

    Someone stole a laptop out of the parked car of one of that clinic's employees.

    Now I ask you:

    WHY THE FUCK DID THAT LAPTOP HAVE OUR SOCIAL SECURITY NUMBERS ON IT?

    They request our SSNs when we request service at said clinic. If they had some legitimate use for them, one single computer in their entire office would have sufficed. That clinic could have stored our numbers in a database that's physically stored on just one computer, with some _other_ non-significant number serving as our unique keys.

    I've been told they have much more effective information security now. That's why none of their staff can reply to client emails, despite that they feel free to leave voice mails on our phones.

    I've repeatedly pointed out that voice mail is incredibly insecure, and that our families are often the very reason we require mental health treatment, but so far the best explanation I've gotten has been "That's a pay grade above mine, I'm afraid."

    --
    Yes I Have No Bananas. [gofundme.com]
  • (Score: 2) by Spamalope on Wednesday November 21 2018, @12:33PM (1 child)

    by Spamalope (5233) on Wednesday November 21 2018, @12:33PM (#764679) Homepage

    Health Care providers SELL more of your data

    Fixed that title for yah.

    I've been forced to use worker comp. My specific health information has been sold. I know because telemarketing scammers keep calling with sales pitches for products aimed at my specific injuries. This began within a month of the injury.

    Of course, there is a possibility that one of the faux health providers is actually the telemarketer group as well.

    • (Score: 2) by darkfeline on Wednesday November 21 2018, @07:40PM

      by darkfeline (1030) on Wednesday November 21 2018, @07:40PM (#764915) Homepage

      Not possible, look up HIPAA.

      Note that HIPAA doesn't cover non-health care providers that you willingly give information to. I can't speak for worker comp, but worker comp is not a health care provider. Please do not make false, uninformed claims.

      --
      Join the SDF Public Access UNIX System today!
  • (Score: 0) by Anonymous Coward on Wednesday November 21 2018, @01:06PM

    by Anonymous Coward on Wednesday November 21 2018, @01:06PM (#764687)

    Punish them hard enough or expect a lot more of this.

    Corporations exist for one purpose, to make money. If the cost of adding any kind of security is higher than the punishment for not doing so, such measures will not be taken. When we take into account that not all crimes will come to daylight, the punishment should be very much higher than the cost of doing the right thing to give us a fighting chance.

    Maybe attack is the best defence, we should attack health care providers and extract and publish some very damaging information on some very important and powerful people. Then maybe the system would start to get fixed.

  • (Score: 2) by HiThere on Wednesday November 21 2018, @06:09PM (2 children)

    by HiThere (866) Subscriber Badge on Wednesday November 21 2018, @06:09PM (#764853) Journal

    And the thing you need to sign before getting treatment basically absolves them of any responsibility no matter what, and the most recent one, that I only saw after requesting 3 times, said that they could change the terms and conditions at any time. No requirement that you be notified.

    Even the ones that are "moderate for the profession" come on multiple pages of which you only sign, and usually only see, the last page.

    --
    Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
    • (Score: 2) by darkfeline on Wednesday November 21 2018, @07:45PM (1 child)

      by darkfeline (1030) on Wednesday November 21 2018, @07:45PM (#764919) Homepage

      What are you even talking about? EULA is for software, not health care. Health care in the US is covered by HIPAA, which fines heavily for exposing PHI. Even if hypothetically you signed a contract absolving responsibility, it would probably be considered void.

      --
      Join the SDF Public Access UNIX System today!
      • (Score: 2) by HiThere on Thursday November 22 2018, @02:20AM

        by HiThere (866) Subscriber Badge on Thursday November 22 2018, @02:20AM (#765039) Journal

        Haven't you ever visited an emergency room or a hospital? Saying that "they'd probably be declared void" is arguably correct, but that's only after you've spent a lot of time and money on lawyers. And you might be wrong.

        FWIW, I think most of those agreements should be declared unconscionable, but gambling that they will be is a long shot unless you've got a firm of lawyers on retainer. Even then...I'm not sure.

        I do think that most of those forms are really intended as lawyer repellent, but I find them pretty repelling, too. Unfortunately I can't avoid them.

        --
        Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.