The Security company Redspin, Inc. recently released its annual report on data breaches in the healthcare industry and the results were not good. In 2013 there were 199 major breaches of hospitals, health insurers and others in the healthcare field affecting more than 7 million patients. In addition, although it was just reported in February, St. Joseph Health System, a five-hospital delivery system in Bryan, Texas was hacked in December of 2013 compromising personal data including the all important Social Security numbers of 405,000 patients and employees. One of the most disturbing elements of the hacking of these health care providers is that in many cases the breach of security was the result of stolen laptops with unencrypted data. Astonishingly, federal law only requires health care providers to consider encrypting data when it should be mandatory.
This is just another example of the fact that you are only as secure as the place with the weakest security that holds your personal data. Even if you are doing everything you possibly can to protect the security and the privacy of your personal data, you can still end up as a victim of identity theft due to the negligence and carelessness of people and institutions with which you do business. I urge you to limit, as much as possible the personal information you provide to businesses and agencies and when you must provide personal information, don’t do so until you have inquired as to the security practices of the company or agency.