
SoylentNews is people

posted by n1 on Tuesday March 03 2015, @09:51AM
from the cost-of-doing-business dept.

Since October 2009, [US] health care providers and organizations (including third parties that do business with them) have reported more than 1,140 large breaches to the Office for Civil Rights, affecting upward of 41 million people. They’ve also reported more than 120,000 smaller lapses, each affecting fewer than 500 people.

In a string of meetings and press releases, the federal government’s health watchdogs have delivered a stern message: They are cracking down on insurers, hospitals and doctors' offices that don’t adequately protect the security and privacy of medical records.

But as breaches of patient records proliferate – just this month, insurer Anthem revealed a hack that exposed information for nearly 80 million people – federal overseers have seldom penalized the health care organizations responsible for safeguarding this data, a ProPublica review shows.

  • (Score: 3, Insightful) by E_NOENT (630) on Tuesday March 03 2015, @01:34PM (#152475)

    What if I told you that a fully secure Internet isn't possible, and that some data should never be exposed to it?

    Choose carefully...

    --
    I'm not in the business... I *am* the business.
  • (Score: 0) by Anonymous Coward on Tuesday March 03 2015, @03:26PM (#152540)

    Too late for that particular genie. Better to start punishing those companies that are not taking security seriously. Light or no fines tells these companies that they don't need to spend any time or effort securing our data.

  • (Score: 0) by Anonymous Coward on Tuesday March 03 2015, @05:08PM (#152602)

    Then you'd be useless. There is a difference between desiring a reasonable level of security (which these rich companies don't use) and desiring perfect safety. Security is about mitigating risk, not making it nonexistent.

    • (Score: 0) by Anonymous Coward on Tuesday March 03 2015, @06:54PM (#152680)

      I think the nuance of the OP's point has been lost on you. He said "some data should never be exposed"; that's not perfect security, that's compartmentalization.

      The most criminally valuable personally identifiable information tends to be the least necessary for daily operations. For example, social security number and date of birth are basically read-once - used to initially establish identity and then ignored unless there are debt collection issues. So instead of putting that info online, put it on a piece of paper filed away in a well-organized and physically secure records room. On the rare occasion that it is needed, have an archivist walk into the room and pull out that specific file. That reduces the threat from every hacker on the planet to someone willing and able to physically penetrate a locked and guarded room - which for all practical purposes will be no one.