The burglar who hit the headquarters office of Sunglo Health Home Services in Harlingen, Texas, broke into one van, found the keys to another, loaded the second van with tools and equipment, and sped off. Then he returned to Sunglo's offices, used a fire extinguisher to smash a window, and stole a laptop. That laptop happened to contain the Social Security Numbers and Personal Health Information (PHI) of Sunglo patients. Sunglo’s IT department couldn’t say whether or not the data was encrypted. Police later apprehended the burglar—most of this story was captured on video—but they never recovered the laptop.
This burglary was hardly a major news story, but unfortunately it is the kind of story that is all too common. Lost and stolen mobile devices are a leading cause of healthcare security breaches, according to a recent survey by Bitglass.
The survey found that:
As these numbers show, healthcare organizations (HCOs) and their business partners need to do a much better job of protecting PHI on mobile devices. They should ensure that PHI is always encrypted, whether in transit or in storage, and that IT administrators can remotely wipe data on lost or stolen devices. Information security policies and training should be extended to cover use of mobile devices.
The outlook does not look good for mobile device thefts, particularly in cases where thieves suspect the devices contain PHI. According to the World Privacy Forum (quoted by RSA):
“The street cost for stolen medical information is about $50, versus $1 for a stolen Social Security number. The average payout for a medical identity theft is $20,000, compared to $2,000 for a regular identity theft.”
Criminals follow the money, and stolen PHI is worth big money. To protect PHI, HCOs and their partners should take action now. They should strengthen their IT security, including security for smartphones, tablets, and laptops.