Data breaches an ever-present worry for physicians

Despite a drop in health care organizations being hacked, practices lacking sophisticated computer protection are seen as easy targets, a survey finds.

By Pamela Lewis Dolan — Posted May 10, 2011

Print  |   Email  |   Respond  |   Reprints  |   Like Facebook  |   Share Twitter  |   Tweet Linkedin

Health care represented a smaller proportion of major data breaches investigated by a corporate investigation team and the U.S. Secret Service in 2010.

However, Verizon Business said even though health care dropped to 1% from 3% of all breaches included in the report, the number of breaches actually went up. That's because, overall, the number of breaches reported to Verizon and the Secret Service jumped to 761 from 141 the previous year.

More disturbing for physician practices, Verizon said, is that in 2010 outside hackers tended to attack smaller organizations in hopes that their information was more vulnerable. Though the number of incidents increased, there was a massive decrease in the number of documents involved in those breaches -- down from 144 million in 2009 to 4 million in 2010. The most common targets were hospitality (40%), retail (25%) and financial services (22%) (link).

The breaches included in the Verizon Data Breach Investigation Report were confirmed cases reported to and investigated by Verizon. The report also included breach cases investigated separately by the Secret Service, which provided numbers to Verizon for the report.

The report's totals on health care do not represent all data breaches disclosed, by law, to the Dept. of Health and Human Services Office for Civil Rights. The report includes only those breaches reported to Verizon and the Secret Service by individuals or businesses seeking an investigation that will lead to prosecution.

The 2009 Health Information Technology for Economic and Clinical Health Act requires health care organizations experiencing a breach affecting 500 or more people to report the incident. In 2010, 207 breach incidents that included more than 5 million records were reported to HHS. There were 46 incidents reported in 2009 from September to the end of December (link). The majority of those cases involve "data at risk," meaning data is missing but a criminal investigation has not been launched.

Credit card transactions in physician offices is an area of vulnerability that is often overlooked, said the report's author, Alex Hutton, principal in research and risk intelligence for Verizon Business. Tighter controls of those transactions and the vendors contracted to carry them out are needed. Strong passwords will help keep the data secure, he said.

The report found that 92% of breaches reported to Verizon and the Secret Service were caused by external sources, most of which were automated systems launched through malicious software, or malware, sent through the Internet.

Small- and medium-sized businesses, including physician practices, have become easy targets because they tend to lack the sophisticated technology that larger organizations have to protect against these attacks, according to the report.

Physicians should remind staff to report irregularities in how office computers are running because this could signal that the computers have become infected, experts said.

Back to top



Read story

Confronting bias against obese patients

Medical educators are starting to raise awareness about how weight-related stigma can impair patient-physician communication and the treatment of obesity. Read story

Read story


American Medical News is ceasing publication after 55 years of serving physicians by keeping them informed of their rapidly changing profession. Read story

Read story

Policing medical practice employees after work

Doctors can try to regulate staff actions outside the office, but they must watch what they try to stamp out and how they do it. Read story

Read story

Diabetes prevention: Set on a course for lifestyle change

The YMCA's evidence-based program is helping prediabetic patients eat right, get active and lose weight. Read story

Read story

Medicaid's muddled preventive care picture

The health system reform law promises no-cost coverage of a lengthy list of screenings and other prevention services, but some beneficiaries still might miss out. Read story

Read story

How to get tax breaks for your medical practice

Federal, state and local governments offer doctors incentives because practices are recognized as economic engines. But physicians must know how and where to find them. Read story

Read story

Advance pay ACOs: A down payment on Medicare's future

Accountable care organizations that pay doctors up-front bring practice improvements, but it's unclear yet if program actuaries will see a return on investment. Read story

Read story

Physician liability: Your team, your legal risk

When health care team members drop the ball, it's often doctors who end up in court. How can physicians improve such care and avoid risks? Read story

  • Stay informed
  • Twitter
  • Facebook
  • RSS
  • LinkedIn