From Ars Technica:
A healthcare system spanning 29 states announced on Monday that cybercriminals operating from China stole information on approximately 4.5 million patients, including names, birth dates, and Social Security numbers…
The attack should come as no surprise. Recent ratings released by security-rating firm BitSight found that the healthcare industry had more security issues and signs of breaches than any other industry, including the retail sector.
Mysterious Chinese hackers stealing millions of records is certainly sensational, but the typical dental office needs to be far more worried about theft.
According to the office of Health and Human Services, 50% of medical/dental data breaches are from theft and 12% are lost laptops or backups. Only 8% are from hackers. On the other hand, when hackers do strike, it is far more serious than a lost laptop. Hackers are looking for data and know how to use it for profit. A laptop thief is most likely just looking for hardware. A lost laptop may compromise a few thousand people; that is bad, but nothing compared to the 4.5 million reported above.
There are two things dentists should do immediately to protect patient confidentiality:
- Lock up your server. Just put the server in a locked cabinet, making it harder for thieves to get to.
- Encrypt all your patient data. With encryption, even if the data is compromised, whether by theft or by hackers, your patients are protected and you are protected from a HIPAA data breach violation.