Good-old Fashioned Theft (reveals patient’s health data)

Your data may be protected from internal tampering and data snooping by employees… but what if your physical hardware is stolen?

The other ‘HIPAA Blog’ reports:

Sometimes identity theft and potential HIPAA-violating disclosures of PHI are sidelights of simple crime.

Jeff continues:

Here, thieves broke into a medical office and stole the easily-salable valuables (computers and electronic equipment). The problem, of course, is that there is PHI on those computers. Perhaps a lesson in using encryption-at-rest for your databases?

This reminds me of the backdoor ways that hackers often use to compromise computer systems.

Oftentimes the easiest method to compromise computer systems is not to “crack” the computer code, but rather to use a roundabout method such as “social engineering.” This method involves tricking employees into revealing critical passwords or other secret company data.

Now, stealing an entire computer hardware system is a bit more brute-force, but it uses the same techniques. In all actuality, though, the thieves are more interested in the resale value of the machines, not the private data that they’ve come into possession of (unless they are some really sophisticated thieves).

