Slashdot Mirror

← Back to Stories (view on slashdot.org)

'Wall of Shame' Exposes 21M Medical Record Breaches

Posted by Soulskill on from the you-can-trust-us dept.

Lucas123 writes "Over the past three years, about 21 million patients have had their unencrypted medical records exposed in data security breaches that were big enough to require they be reported to the federal government. Each of the 477 breaches that were reported to the Office for Civil Rights (OCR) involved 500 or more patients, which the government posts on what the industry calls 'The Wall of Shame.' About 55,000 other breach reports involving fewer than 500 records where also reported to the OCR. Among the largest breaches reported was TRICARE Management Activity, the Department of Defense's health care program, which reported 4.9 million records lost when backup tapes went missing. Another five breaches involved 1 million or more records each. Yet, only two of the organizations involved in the breaches have been fined by the federal government."

10 of 112 comments (clear)

  1. Punish them. by Nyder · · Score: 4, Insightful

    Unless the various companies that lose the data are punished, nothing will change.

    --
    Be seeing you...
    1. Re:Punish them. by vux984 · · Score: 5, Insightful

      In this case, what you suggested amounts to "government should punish itself" - something not very common for the US govt, wouldn't you say?

      Nor terribly productive.

      At best, they increase their budget by the amount of the fines, and then raise taxes to cover the increased budget.

      At worst, they pay the fine without increasing their budget, and make cuts elsewhere... thereby ensuring that not only is there no money to improve the security that led to the first breach, but now they are probably running shorthanded increasing the odds of a second breach...

      Punishing governement and large corporations is generally meaningless. We have to pierce the veil and go after individuals within them... fine or even imprison them personally.

    2. Re:Punish them. by rgbrenner · · Score: 4, Insightful

      Punishing companies is punishing their customers

      Bullshit. I'm tired of this line.

      When a company is punished, it raises the cost for them to do business, resulting in price increases for customers.

      For some reason, you stop there. But it doesn't end there.

      The customers, who can chose where to spend their money, will go to the cheapest retailer... leaving the punished company with fewer customers, less market share, etc.

      Customers are not forced to buy from a company.. so fining 1 company is NOT punishing customers.

  2. Wait, what? by fuzzyfuzzyfungus · · Score: 3, Insightful

    I'm impressed. I wouldn't have guessed that insurance outfits had anybody familiar with the concept of 'shame' available to coin such a nickname...

  3. Our secret health by mcelrath · · Score: 5, Insightful

    And why do we care who has our medical information?

    Because in the US, we've decided that the only people that get health care are those with jobs. So getting a job is deeply tied to one's state of health. Accidental leaking of your health care information could lead to losing your job, or failure to obtain one. Other laws try to tackle that, but nonetheless, we all have the fear that if our potential employer (especially) knew how much we might really cost, we wouldn't get that job. And the fact of the matter is that no employer wants to employ a sick person if they can help it.

    We'd be better off decoupling health care from employment. One side effect would be that medical information wouldn't be so secret. This is rather important when you consider that that information should perhaps be shared among health care providers, patients with the same ailments, and especially, family (possibly distantly related but genetically susceptable, for instance).

    --
    1^2=1; (-1)^2=1; 1^2=(-1)^2; 1=-1; 1=0.
    1. Re:Our secret health by PNutts · · Score: 2, Insightful

      Because in the US, we've decided that the only people that get health care are those with jobs.

      We've decided no such thing.

    2. Re:Our secret health by brit74 · · Score: 5, Insightful

      And why do we care who has our medical information?

      I think people are concerned about the privacy implications. If you have a talk with your doctor about something personal, you'd like to believe that the entire world isn't listening in. What's that? You've got erectile disfunction? You've had mental health issues? You once tried to kill yourself? You went to the emergency room because you were high on drugs or you stuck an object where it shouldn't go? You've admitted to having lots of sex partners or you're gay and you haven't come out? You've got an STD and you'd prefer that your friends and family don't know about it?

      Not only are there some potentially embarrassing secrets, but the idea that everyone can find out about your medical history can make you less likely to go to the doctor -- because there might be situations where it might be embarrassing to tell a doctor what the situation is, and much more embarrassing if the whole world could find out about it.

  4. Re:You all have no idea by Anonymous Coward · · Score: 2, Insightful

    Assumption junction, what's your function? Hookin' up word and phrases and sound bites.

  5. But server was hacked.... by stanlyb · · Score: 5, Insightful

    If you read the article, you will see that the main problem is of proper handling of the backups, not the actual server application or database, or with other words, here the problem is the "meatware", not the "software"

  6. appropriate measures by kermidge · · Score: 2, Insightful

    To hell with fines. Felony-grade jail time in no less than medium-security, from top people on down, with the parole condition that upon release they never work with customer information or data again.