One In Four Indiana Residents' E-Record Data Exposed in Hack
Reader chicksdaddy reports that a data breach involving four million patients and more than 230 different data holders (from private practices to large hospitals) hit Indiana especially hard. It's the home state of Medical Informatics Engineering, maker of electronic records system NoMoreClipBoard. While data exposed in the breach affected 3.9 million people, 1.5 million of them are in Indiana.
According to the Security Ledger, though:
[The] breach affects healthcare organizations from across the country, with healthcare providers ranging from prominent hospitals to individual physicians' offices and clinics are among 195 customers of the NoMoreClipboard product that had patient information exposed in the breach. And, more than a month after the breach was discovered, some healthcare organizations whose patients were affected are still waiting for data from EMI on how many and which patients had information exposed.
'We have received no information from MIE regarding that,' said a spokeswoman for Fort Wayne Radiology Association (http://www.fwradiology.com/), one of hundreds of healthcare organizations whose information was compromised in the attack on MIE.
Figures (Score:2)
Then they give everyone's data away.
HIPAA is irrelevant... attacks are past stopping (Score:2, Insightful)
I hate to be a doomsayer, but with the way weapons have surpassed armor, security is almost a pointless battle for companies. If the biggest, most secure organizations in the world (Sony x 2, Target, OPM) can get breached, anyone can.
Take network security. Backdoor in appliance gets an attacker to the management network from there, the TFTP server. From there, copying a modified config. IDS/IPS systems are pointless, as big companies already have these. Same with AV.
Take privacy. Show me one single We
Re:HIPAA is irrelevant... attacks are past stoppin (Score:4, Insightful)
If the biggest, most secure organizations in the world (Sony x 2, Target, OPM) can get breached, anyone can.
I don't think anyone ever said they were the most secure organizations in the world. In the case of Sony specifically, their security was notable for its poor quality.
Re: (Score:2)
Has there been a break for the PS4 yet, or a break for Blu-Ray or BD+?
Yes.
Re:HIPAA is irrelevant... attacks are past stoppin (Score:4, Funny)
Last year I had one idiot ask to put the phone system he was sometimes called out to work on onto the internet with telnet access - with no password! Another wanted direct RDP access to a machine over the internet. Neither of course seemed to have heard of a VPN or gave a shit about security - people who actually do what these idiots say are probably going to get burnt within days with the number of bots out there scanning for stuff.
Re: (Score:2)
Last year I had one idiot ask to put the phone system he was sometimes called out to work on onto the internet with telnet access - with no password!
Wow.
Re: (Score:3)
Turns out the "new" phone system is a ten year old model - so telnet in with no password to change the settings and he wanted us to unblock and port forward telnet to the thing. I wonder if he convinced someone else in another place and who is getting free calls out of diverting through hacked phone systems?
So yes, these sort of people are
Re: (Score:2, Interesting)
Re: (Score:1)
If I remember the form properly (I am not actually sure I can say this though, frankly, who gives a shit? I think disclosing the form's content was against the rules.) then every single one of the records from the OPM hack was also covered by HIPAA. There are medical questions, including contact information, on those documents some of which are quite specific. Hmm... That should be legal?
I still do not think I needed to fill it out - I had absolutely zero access to any information that would do anyone one l
How is this even possible? (Score:3, Insightful)
Why should a company storing confidential data have any ability to access any part of that data? Especially when there are hundreds of separate owners of the data!
Each data owner should encrypt data before it leaves their site. In fact, individual documents should be uniquely encrypted.
These stories of leaks of massive amounts of data -- again and again! -- just prove that nobody cares.
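What the comment above proposes (each data owner encrypts before upload, with a unique key per document) can be done with envelope encryption. The sketch below is an added example, not part of the original post and not MIE's or NoMoreClipboard's code; the AES-256-GCM scheme, the `Sealed` layout and all function names are assumptions made for illustration.

```ruby
require 'openssl'

# All the hosting vendor stores: ciphertext plus a wrapped key (hypothetical layout).
Sealed = Struct.new(:id, :wrapped_key, :body)

# AES-256-GCM; returns nonce || tag || ciphertext. The record ID is bound as
# associated data, so a blob copied onto another record will not decrypt.
def seal(key, plaintext, record_id)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = key
  nonce = cipher.random_iv # fresh 96-bit nonce for every message
  cipher.auth_data = record_id
  ciphertext = cipher.update(plaintext) + cipher.final
  nonce + cipher.auth_tag + ciphertext
end

# Raises OpenSSL::Cipher::CipherError on a wrong key, wrong ID or altered data.
def unseal(key, blob, record_id)
  raise OpenSSL::Cipher::CipherError, 'truncated blob' if blob.bytesize <= 28
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = key
  cipher.iv = blob.byteslice(0, 12)
  cipher.auth_tag = blob.byteslice(12, 16)
  cipher.auth_data = record_id
  cipher.update(blob.byteslice(28..-1)) + cipher.final
end

# Runs at the data owner's site before upload: a unique random key per
# document, wrapped under the owner's key, which never leaves that site.
def encrypt_record(owner_key, record_id, document)
  doc_key = OpenSSL::Random.random_bytes(32)
  Sealed.new(record_id, seal(owner_key, doc_key, record_id),
             seal(doc_key, document, record_id))
end

def decrypt_record(owner_key, sealed)
  doc_key = unseal(owner_key, sealed.wrapped_key, sealed.id)
  unseal(doc_key, sealed.body, sealed.id)
end

# True only for a holder of the owner's key presenting an unmodified record.
def readable?(owner_key, sealed)
  decrypt_record(owner_key, sealed)
  true
rescue OpenSSL::Cipher::CipherError, ArgumentError
  false
end
```

With this layout a copy of the host's storage contains only `Sealed` values, and each of the hundreds of data owners holds its own 32-byte key.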
Re: (Score:3)
I think it has something to do with the online records requirements of the ACA. If you live in Chicago and have an accident while vacationing in Florida, the doctors in Florida are supposed to be able to access your medical records from Chicago without much effort in order to treat you more effectively and timely. Encrypting it would somewhat end that and somehow this is all supposed to be controlled by the IRS who will share information with about 200 or more other government agencies between the state, lo
Re: (Score:2)
That is the same principle how a proper BOFH does backups. Everything goes to /dev/null, and is properly "encrypted" with the above table. Fast, few I/O errors, and properly secure.
So Much for HIPAA Rules (Score:2)
Patient records are no more safe than credit card info at your local restaurant.
Re: (Score:2)
Patient records are no more safe than credit card info at your local restaurant.
Well, let's keep things in perspective here. The breach only consisted of intimate medical details of little people.
HIPPA-schmippa, it's not like it concerned something vital to national security to keep secret, like the POTUS' college records or original birth certificate.
I'd bet if Congress and other members of the Federal government were required to participate in the ACA (AKA 'Obamacare') like everyone else, security would be much tighter.
Strat
Re: So Much for HIPAA Rules (Score:2)
Re: (Score:2)
Just wait until the MIB gets hacked (Score:2)
Re: (Score:2)
clipboards? (Score:2)
Re: (Score:1, Troll)
give it a rest buddy
I wish I could, but those who seek personal & political power & control without regard for who or what they harm don't.
Strat
Re: (Score:2)
Well, let's see how many mod points you're willing to waste.
What was so bad about clipboards again?
The data on those clipboards are not as easily & quickly accessed by the current administration's political operatives seeking to damage/destroy their political opposition and suppress grassroots movements.
What, you thought there was any other reason that actually mattered to those in power?
Strat
Re:clipboards? (Score:5, Informative)
What was so bad about clipboards again?
Clipboards have a bunch of known deficiencies. They're effectively write-only, especially if no one else can read the doc's handwriting.
Then, they're hard to duplicate. Should you end up in the hospital (heaven forbid), hopefully you're conscious enough to explain your drug allergies to the EMT, because it'll take a while to find out which clinic you normally see and get a copy of their clipboard. Then the copy of the clinic clipboard ends up in the hospital's clipboard, but the stuff in the hospital clipboard probably won't make it back to the clinic clipboard.
There's also only one copy of the hospital clipboard, so the cardiologist treating your heart attack can't put notes in your clipboard if the hospitalist took it to figure out what meds you were (or should be) on. If they do make copies, someone has to make sure the cardiologist's annotations make it into all of them without error. Those charts then have to be stored in a giant bunker somewhere, forever.
Clipboards are also bad at medication safety. When you're giving millions of med administrations to millions of patients, eventually you end up giving the wrong drug to the wrong one. Clipboards can't verify that you nabbed the right patient or the right drug, which kills people once you scale up the mistakes that would have happened to a national level.
Even before the nurse gives the meds, a clipboard can't tell the doctor that one of the medications he's ordering will interact with the medications someone else ordered. That also kills people. If one lot of those medications was tainted and recalled, it's also really, really hard to find out who was affected if all your administrations are documented on paper.
Finally, it's really hard to bill correctly if all of your documentation is on paper. If the coder going over the clipboard misses a charge, the hospital loses out on money. If the coder invents a charge, you lose out on money. If the coder can't find whatever documentation a kafkaesque insurance company demands to justify a procedure, you both lose out on money. Also harder to reject a claim for not being written in blue pen with block caps when the claim is electronic.
There's a bunch of other ways clipboards suck, and a bunch of ways the clipboard-replacements suck, but the former tends to suck a lot more than the latter.
Re: (Score:2)
There's a bunch of other ways clipboards suck, and a bunch of ways the clipboard-replacements suck, but the former tends to suck a lot more than the latter.
Fair enough.
Re: (Score:3)
Clipboards have a bunch of known deficiencies.
Your post is informative and makes a lot of sense. On the other hand, I think there are plenty of new types of errors which can be created with electronic systems. In particular, when you abstract data from records and substitute codes in, you make it easier for people to stop looking at original records. Those original records might also contain contextual information that would prevent some errors. In most cases, I imagine the benefits of electronic records outweigh the problems, but when you depend o
Re: (Score:2)
I won't disagree that medical billing is still a nightmare, but it's not the fault of CPT codes. No insurance company will sign a blank check and ask the doctor to fill in the amount; they all have a maximum they'll reimburse for, say, a broken leg, and they'll reimburse "broken leg" differently for a simple fracture than an unexpected amputation that took a crack team of surgeons 32 hours to reattach.
The codes are just a standard way to quantify exactly what was done. The "standard" part is important s
Not good enough! (Score:2, Funny)
Only one in four? Lame. They need to sweep up the other 75% of medical records from Indiana. Go big or go home!
Indiana wants me.... (Score:2)
Re: (Score:1)
Deleted versus sent to the nether-worlds. No diff.
Re: (Score:2)
Because selecting "-1" from the drop-down box is soooo hard...
what a bunch of bullshit (Score:3)
You're a liar or a troll. It's as simple as that. I've lived in Indiana my whole life and experienced, firsthand, racists of all colors (you did know that anyone can be a racist, right?) but they're far from the majority. Stop playing the victim, bitterness like this doesn't do anything but keep you locked in and your eyes closed to reality.
Meanwhile (Score:1)
No government employee is fired. Ever. No matter how incompetent they are. If you get lucky, sometimes they resign out of shame. Otherwise too bad, they're stuck there.
What does NoMoreClipBoard run on? (Score:2)
Mitch Daniels former Gov -- did he outsource this? (Score:2)
Governor Mitch Daniels outsourced the unemployment database, and slashed the budget for job training for the unemployed in an attempt to keep Indiana "in the black". As a result, there are fewer IT jobs in Indiana, and those who are trying to jumpstart their career are generally-speaking, FUCKED. I wonder if any shortcuts were taken with their statewide medical patients database? It wouldn't surprise me.
Case history (Score:2)
Does anyone have a list available of HIPAA-actionable, large-scale data breaches in the past and ensuing convictions or case outcomes / penalties from such?
NSA beats that 1 in 4 (Score:2)