Police forces and news organizations across the country are providing warnings about increased theft activity from cars as the holiday season is upon us. The reasons are many- parking lots fill up around retail stores; distracted shoppers forget to lock their doors; cars are left running to fend off frigid temperatures; and simply the general hustle and bustle during this time of year. Whatever the reason, ‘tis the season of the smash and grab, the long standing criminal tradition of finding an easy target, quickly taking anything that looks like it might have value, and sorting it out later. The experience for the victim ranges from frustrating to devastating, but typically ends with an insurance claim and payment of the deductible.
What happens if the crime of opportunity comes in the form of an unencrypted laptop, smart phone, backup tape, or even a satchel containing paper health records? The data theft could have far reaching implications of thousands of individuals and bring OCR knocking on the door.
According to the 2014 Verizon Data Breach Investigations Report 46% of healthcare breaches occurred because of loss or theft. This number (45%) is echoed by other sources such as Redspin’s 2013 Breach Report and several other sources. Verizon’s report also noted that 29% of thefts happen in vehicles. The pattern that emerges is sad but true. We are just not taking this seriously enough.
Policies need to be tightened; technical controls, such as encryption, need to be implemented; sanction policies need to be strict and enforced; and risk needs to be assessed formally. Training programs and reminders for employees should reflect the current threat situation and real world events as they happen so staff understands that threats shift continuously based on time, location, and situation.
It is our responsibility to protect patient information, even if it means dropping off the backup tapes at the offsite location BEFORE we stop at the mall for that last minute gift for the office! Happy Holidays!