Hartford Hospital Security Breach With Stolen Laptop Goes Back to 3rd Party Vendor EMC Subsidiary, Greenplum As Unencrypted Pati
Posted Aug 02 2012 10:34am
Once again as have been many of the security breaches reported, we have a 3rd party vendor at the root with a stolen notebook. In essence this is starting to reflect that hospitals sound like they are pretty much on top of their business but it’s the vendors with patient data that are the cause of much that has been in the news of late. EMC is also the same company that owns VMware and I wonder why the employee had this information on the computer and not accessed with a VMware virtual system? Makes sense since the same corporate company owns them maybe?
EMC competes in some of the same market areas as Dell and not too long ago made had some uncomplimentary words to say about their competition and capabilities. This has now elevated to where the State Attorney General is wanting more information on the situation. If you have read the news of late again this all comes back to analytics, which is kind of on steroids today and is what lead to the Accretive fiasco with that company having a laptop stolen and an employee was sharing patient records with investors on Wall Street so when it comes to money and analytics, it doesn’t sound like anyone is really minding the shop to a large degree…save that money.
About 10,000 files are said to have been affected. When the Accretive story fully rolled out we learned there were 9 laptops involved and not one. Hartford Hospital reported the incident in June after it was noticed missing and of course the information was not encrypted. Last year Stanford has a breach with information that was online, not their fault it was the vendor as was the case at Beth Israel Deaconess in Boston.
So the folks get 2 years worth of free credit monitoring…and this does not have the value either that it used to as when you look at how the credit folks are coming under scrutiny from Congress…well you get the picture as they too have a ton of flawed data out there and companies such as FICO have created mismatched analytics algorithms to sell, why, because they can and the public is naïve as far as how this works. They are some of the folks that get a lot of their data for nothing and the profits for free. Sometimes the motivation may resemble something like this statement below…
”Hey dude let’s crunch some numbers and see if we can come up with some analytics to sell”
Another post that touches on the same area I wrote a short time back on how algorithms are used today and “dupe” consumers too. Business analytics are a part of today’s business world for sure but we don’t know when the code is written for “desired” results or “accurate” results half the the time and have to believe they are accurate but read the news and see what is being uncovered for the answer to that part of the puzzle.
Stay tuned on how this one plays out and again why the data was on the computer unencrypted is beyond me when there are alternatives out there today that can allow working from a cloud or virtual server or PC and yet the hospital CIO has all this on his/her head with being responsible for the vendors used as well and much of it is out of their control. BD
A laptop carried by an employee of an EMC subsidiary has been reported stolen by Hartford Hospital, compromising the personal health records of about 9,000 patients, the Connecticut Attorney General's Office reports.
According to a news release from Nutmeg State Attorney General George Jepsen , the data breach involved "unencrypted personal information and protected health information" of about 9,000 patients, stored on a laptop used by an employee of Greenplum, an EMC Corp. (NYSE: EMC) subsidiary.
The employee was working on a quality improvement project related to hospital readmissions. The compromised data include records of 2,097 Hartford Hospital patients and 7,461 patients of VNA Healthcare Inc., a Connecticut home hospice services operator.