Computers with patients’ information stolen from office

AP reported a couple of days ago about computers with patients’ information being stolen from a Pennsylvania medical office. Computers being stolen are nothing new. Data being taken is nothing new. But, the kind of data being stolen of course can make all the difference in the world. In this case (as in most cases) the theft probably occurred because it was easy to do and the computers have some resale (fence) value.

While it is not known if the computers were stolen for identity theft or just the hardware, it’s a safe bet none of the information on those computers were encrypted. Many computers in physicians’ offices do not have decent password protection, let alone encryption.

I will be writing an advisory article shortly about how to make sure our databases, if stolen, or broken into, are not a bastion of easy-to-pick-out information. Basic encryption and information hiding techniques are not prevalent in health IT but it’s time we started. We’d all be pleasently surprised if our SSN’s were even masked let alone our credit card numbers or other identity markers. Let me know if you’re interested in a long article with lots of advice or just a short one with links.

Here are some of my other recent musings about health IT data security:

Newsletter Sign Up


2 thoughts on “Computers with patients’ information stolen from office

  1. privacy/ confidentiality of data in healthcare is going to see the same things that happened in generic security atleast a decade ago or earlier. But this time the price innocent victims are going to be a lot more.

  2. Indeed you are correct. The difference is that now we have the ability to learn from other industries (hiding information in plain sight, encryption, etc) that may help reduce the ultimate price.

Add Comment