
Tuesday, April 19, 2011

Healthcare Security Breaches Can Cause Headaches and Millions in Fines

By Jim Tiller, Vice President, Security Professional Services, North America, BT Global Services

HealthNet’s recent announcement that it is investigating the whereabouts of several server hard drives that are unaccounted for at one of its data centers reminds us all of the serious consequences that can follow a security breach.

HealthNet is a provider of managed health care services. The missing drives, from an IBM-operated data center in Rancho Cordova, California, contain some 1.9 million customer records, including names, Social Security numbers, addresses, financial information and, of course, health care records (protected health information, or PHI).

It’s worth adding that the Department of Health and Human Services (DHHS) has lately been dropping the hammer under the Health Information Technology for Economic and Clinical Health (HITECH) Act, which defines breach notification requirements and fines while promoting the widespread adoption and standardization of health information technology.

Regardless of whether HealthNet and its vendors met DHHS’ HITECH requirements, HealthNet faces fines of $250 per record, a figure that may rise to $1,200 per record in the near future. With 1.9 million records potentially lost, this could well mean the maximum fine (as much as $5 million). Other costs could include roughly $2 per customer notification ($3.8 million), identity theft insurance for customers that could run well in excess of $5 million, and countless potential lawsuits in the years to come. In addition, HealthNet said in a press release that it will offer two years of free credit monitoring, including fraud resolution and, if necessary, restoration of credit files.

Let me say this LOUD and CLEAR — the cost of security may seem high at times, but there’s a reason why compliance costs are less than a third of the cost of non-compliance.

Want to hear more from Jim Tiller? Join BT at Infosec 2011 on April 19-21, where he will be presenting along with Bruce Schneier, Ray Stanton and several of our partners. If you are planning on attending, come and find us at booth C92.