Healthcare Breaches Top the List in First Six Weeks of the Year; Know Your PII

March 11, 2016

Sometimes all you need to see in order to recognize a problem are the stats. The Identity Theft Resource Center (ITRC) recently released their counts from January 1 to February 9 of this year:

There have been 27 data exposure/breach incidents thus far in the business sector representing 39.1% of the total incidents and 5.7% of the total records exposed.

What is particularly disturbing is the number of healthcare/medical related breaches in the first six weeks of the year: 34, exposing more than 1.1 million records.

The government and military sector has had a relatively light year for breaches, with only five so far, representing 7.2% of the total incidents.

Education has not been left out. This sector has seen 10 breaches so far, which have resulted in the exposure of 210,000 records.

And bringing up the rear is the banking, credit, and financial sector, which accounts for 4,000 records exposed and 4.3% of the total number of breaches.

What do these numbers tell us? The financial sector appears to be turning the tide this year, after being under tremendous pressure over the last 3-4 years. It is also clear that more education is needed within all sectors to help employees identify phishing scams and fraud attempts. The truth is that every major breach in the past few years is due to human error. Clicking on a phishing email is the most common way data is lost, but there are several examples of physical devices containing data being lost or stolen.

But what continues to be of concern for the security industry is the sheer number of incidents within the healthcare and medical industries. Each one of these tends to result in exposure of massive amounts of confidential and personally identifiable information (PII).

It is important for everyone to properly care for the information with which they work every day. This means shredding each and every document that contains PII.

PII can include, but is certainly not limited to:

  • Social Security numbers (SSN)
  • Driver’s license numbers or State-issued Identification Card numbers
  • Security codes, access codes, or passwords that could permit access to an individual’s accounts
  • Medical information, including any information regarding an individual’s medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional, but not including brief references to absences from work
  • Health insurance information, including an individual’s health insurance policy number or subscriber identification number
  • Any unique identifier used by a company to identify the individual
  • Place of birth
  • Date of birth
  • Mother’s maiden name
  • Biometric information
  • Personal financial information, including credit scores and history
  • Credit card or purchase card account numbers
  • Passport numbers
  • Potentially sensitive employment information, e.g. personnel ratings, disciplinary actions, and results of background investigations
  • Criminal history

Any information that may stigmatize or adversely affect an individual should be considered PII as well and should be disposed of properly. Sometimes it may not be obvious what can be used against someone for identity theft, so training is important and provides great value to individuals, as well as to organizations.

Employees are responsible for a lot of information on a daily basis. It is critical that managers provide education on how to dispose of the information so that customers, members, and employees are less at risk for identity and data theft. Proper education and procedures should not only be put into place, but should be followed and enforced. There are numerous companies that provide guidance on proper disposal of PII as well as provide continuing education for employees, members, and customers. It is recommended that no matter what is chosen, some type of program be put into place.

For 2015, ITRC found that over 169 million records were accessed through data breaches.

© Copyright 2016 Stickley on Security