Safeharbor 25
25GB Only $24.99 Monthsafeharbor 50
50GB Only $49.99 Monthsafeharbor 100
100GB Only $79.99 Monthsafeharbor 250/1TB
As Low As $174.99 MonthCase Studies
-
Every day, a staggering 15,560 Americans have their personal medical information compromised. SafeHarbor™ not only helps you by backing up your data in the event of hardware and software failures, it also encrypts your backed up data so even if it were compromised it could not be read by any unauthorized entity.
Below are actual reported cases where patient information was lost or stolen. These are just a few examples of incidents that are reported every year.
* To view specific articles just click on the gray title bar.
By Michelle Dupler, Herald staff writer
RICHLAND -- Kadlec Regional Medical Center officials announced Wednesday that patients are being notified that one of the hospital's computer servers containing brain scan and other patient studies was hacked in September.
Files housed on the server included information with a patient's name, birth date, age, gender, medical record number and doctor's name, but did not include any patient financial information, address, Social Security number or insurance data.
Kadlec officials first discovered the unauthorized access during routine monitoring of computer network backups Nov. 11, according to a news release.
Kadlec immediately removed the server from service and hired a national company that specializes in computer security to investigate the cause of the incident and scope of the breach.
The analysis confirmed there was unauthorized access to one of Kadlec's 225 servers sometime around Sept. 15. Forensic experts found no evidence that patient data actually was viewed, compromised or removed from the system.
As a precaution, Kadlec is sending a letter to all patients whose information was on the files on the affected server.
"We take our responsibility to protect patient information very seriously," said Rand Wortman, president and CEO of Kadlec Health System. "This incident was unique, and we apologize for any concern or inconvenience it may cause patients and their families."
Hospital officials said it has added significant security measures to Kadlec's servers to help prevent future breaches.
"While it may be impossible to completely thwart skilled and determined hackers from 'parking' on unauthorized servers, we will take all necessary steps to review and strengthen internal procedures to ensure Kadlec provides the highest level of data security possible," Wortman said.
Kadlec's notice to patients encouraged them to be vigilant and to notify the hospital immediately if they notice any unusual activity. The hospital is providing all patients whose information was contained in files on the server with identity theft safeguards, officials said.
In addition to contacting affected patients, Kadlec informed the federal Department of Health and Human Services.
Dan Raywood
Hull and East Yorkshire Hospitals NHS Trust has apologised after patient data was stolen from a doctor's home.
The data, that includes 1,000 patients' names, dates of birth and hospital treatment, was on a laptop that had been taken home, contravening policy, and was stolen from the doctor's home in November.
Talking to BBC News, Dr David Hepburn, medical director for Hull and East Yorkshire NHS Trust, said steps had been taken to prevent patient details being downloaded from computers but it was more difficult to control information being sent by email.
He said: “This particular employer used email to send the information to himself and then stored it on a non-encrypted laptop. We have already written to anyone affected by this to inform them of these incidents and therefore anyone who has not received a letter has no cause for concern. The trust takes data protection issues very seriously and this member of staff is currently the subject of a disciplinary process."
Chris McIntosh, CEO of Stonewood, said: “As the third serious security breach involving Hull citizens' data to come to light in under a year, this theft is a perfect example of the fact that, as far as data security is concerned, lightning can very easily strike twice in the same place.
“It is all very well organisations having regulations on data protection, yet if they can be easily broken by employees, whether knowingly or not, they become meaningless. This doctor should never have had the opportunity to take unencrypted data home with them.
“Hull and East Yorkshire trust needs to have more than regulations in place that simply shift the blame to employees. For example, it must thoroughly train its workers on the importance of data security. It must provide them with encrypted storage to ensure data is safe when at rest and it should put into place software solutions to prevent sensitive data from being saved on unencrypted hardware.
“If these measures aren't taken, all that will happen is that more and more information will be put at risk and more and more public money will need to be spent on the inevitable civil penalties resulting from such losses.”
A computer stolen from the home office of a Reid Hospital employee in early April may have contained files with personally identifiable information on approximately 20,000 Reid patients.
Craig Kinyon, Reid president/CEO, said the computer was password protected and was one of numerous items stolen in the break-in, which indicates the information was not the target of the thieves.
The information included reports on some Medicaid and some Medicare patients who received services from 1999 to 2008. These reports include patient names and Social Security numbers or Medicare numbers.
Patients at The Smile Center in St. Paul, Minnesota don’t have much to smile about this week. Bill Keller reports on another disturbing breach – one that reportedly occurred four months ago but victims are first being notified now:
Delta Dental is announcing that personal information used in a lawsuit between the company and a St. Paul dentist’s office is missing after a laptop used in the case by an expert witness was stolen from an office at the University of Minnesota.
Though the multi-million dollar suit was settled in April, a disk loaded with personal information is proving unsettling now that it could fall into the hands of identity thieves.
On Monday, Laurie Manke-Senne said she received a note from her dental insurance carrier notifying her that her personal information had been stolen.
“It’s unnerving because our personal information is out there,” she said. “It wasn’t encrypted.”
Delta Dental said it has taken steps to protect its clients from identity theft; however, when the computer disappeared, the state’s largest dental insurer said The Smile Center never told its patients their medical records had been compromised.
Neither Delta Dental nor The Smile Center would say how many people were affected by the theft, but the missing data includes patients at the St. Paul office who were insured by Delta between Jan. 1, 2003 and June 30, 2010.
The Smile Center’s other four offices were not affected.
In a statement, Delta Dental said it has “no indication that the information has been inappropriately accessed, misused or further disclosed.”
So far, it seems the target of the theft was the laptop alone — not the data, but that offers little comfort to those still at risk.
Rape & Brooks Orthodontics, P.C., a multi-office Alabama practice specializing in braces for children and adults, recently notified 20,744 patients that burglars had broken into their Centerpoint, Alabama office and stolen some equipment, including a server that held personal and protected health information on patients who had been seen over the last 30 years by Rape & Brooks Orthodontics, PC; Luther T. Cale & W. Gregory Rape, Orthodontics, PC; St. Clair Orthodontics, LLC and Luther T. Cale, DMD Orthodontics, PA.
According to a statement on their web site dated March 4, the theft was discovered on the morning of February 4. Information on the server included the names of patients and account holders (e.g., the parent) as well as their addresses and the minors’ date of birth. For those account holders who provided insurance information, their Social Security number and date of birth may also be part of this data. Social Security numbers of minor children were not stored on the server, but the orthodontists note that for those patients who had insurance under AllKids with Blue Cross & Blue Shield of Alabama, their SSN might be part of their insurance information.
Some credit card numbers were also stored on the server for a “small and select number of account holders.”
In addition to the server containing so much unencrypted personal information, several computers and external drives were taken contained facial and intraoral photographs of patients. The statement notes that “The license for the software necessary to view these photographs has been canceled, so these photos should no longer be accessible by anyone.”
The Jefferson County Sheriff’s Department was notified of the theft.
You can read their statementon their web site, replete with self-serving statements that might falsely reassure patients who should be taking steps to protect themselves. There is also a companion FAQ. The doctors do not offer their patients any free credit-monitoring or credit restoration services.