Every day we turn on the news and there is another data breach, at large national companies and local businesses alike. Victims span every industry, from healthcare, finance, communications, and manufacturing to the U.S. government.
In the month of May this happened to Apria Healthcare, T-Mobile, the manufacturer Suzuki, PharMerica, the U.S. Department of Transportation, and a urology practice, University Urology, located in New York City.
Some incidents involved unauthorized access and some ransomware. All of these companies - and their clients - are victims of a crime.
As stewards of data, we have to ask ourselves:
- Did they appropriately secure their systems?
- Did they have information security policies and procedures?
- Did they take steps to prevent such attacks?
- Did they train their workforce?
- Did they notify and report the breach in a timely manner?
HIPAA requires us to protect our patient information. We do this by securing our infrastructure, using unique usernames and passwords, training our workforce, and by using care when clicking on links and opening documents in emails.
In many data breaches, the attacker gained access to the system by sending a phishing email to obtain user credentials.