43K affected in Wisconsin data breach
February 14, 2013 in Medical Technology
Officials at Froedtert Health, a three-hospital health system based in Milwaukee, Wis., notified patients of a data breach Wednesday after a computer virus may have compromised the personal health information of some 43,000 people.
According to a Froedtert Health statement, officials learned Dec. 14 that the virus may have allowed hackers into an employee’s work computer. A computer forensics company was unable to “definitively rule out the possibility the virus was able to obtain information stored in the employee’s work computer account,” the statement reads. The employee’s work computer contained patient names, addresses, phone numbers, dates of birth, medical record numbers, health insurance information and clinical data and Social Security numbers in some cases.
[See also: Arkansas data breach remains unclear, gender discrimination lawsuit at core.]
Patients seen at the health system’s Froedtert Hospital in Milwaukee; Community Memorial Hospital in Menomonee Falls; St. Joseph’s Hospital in West Bend; and Froedtert Health Medical Group were mailed notification letters the week of February 11.
Although lost or stolen devices account for the majority of healthcare data breaches, officials say breaches resulting from a computer virus are no less severe, and that often the proper precautions are not taken. A December report conducted by the privacy firm Ponenmon Institute found only 40 percent of healthcare groups actually scan for viruses and malware while connected, with a paltry 21 percent indicating they scan for viruses and malware prior to connection.
[See also: Infographic: Biggest healthcare data breaches of 2012 .]
In 2011 Beth Israel Deaconess Medical Center notified some 2,000 patients of a security breach after a computer virus had transmitted patient information externally.
Similarly, in January 2012, officials at the City College of San Francisco announced that their computer network had been infected with a virus that resulted in student information being transmitted externally. The personal data of as many as 100,000 students could have been compromised in the security breach.
[See also: First-of-its-kind HIPAA settlement announced, Idaho hospice group to pay.]