California Attorney General Kamala Harris released a report showing that the majority of health data breaches were from lost or stolen hardware.
- Health data breaches in California last year were largely due to stolen or lost hardware or digital media that contained unencrypted personal information, according to California Attorney General Kamala Harris.
The attorney general released the state’s second annual data breach report earlier this week, which overall did not have good news for the Golden State. According to the data, 18.5 million Californians potentially had their personal information put at risk from the 167 data breaches that hit California.
“Data breaches pose a serious threat to the privacy, finances and personal security of California consumers,” Attorney General Harris said in a statement. “The fight against these kind of cybercrimes requires the use of innovative strategies by government and the private sector to protect our state’s consumers and businesses. I strongly encourage more use of encryption to significantly reduce the risk of data breaches.”
For healthcare specifically, the numbers showed that 70 percent of the health data breaches reported in the past two years were because of stolen or lost hardware or digital media that held unencrypted personal information.
The California healthcare industry should consistently use strong encryption to protect medical information on laptops and on other portable devices, according to the report. Moreover, those protections should be considered for desktop computers.
While the retail industry accounted for the majority of data breaches, security issues in healthcare still affected its fair share of patients. Specifically, healthcare data breaches affected 1.1 million records.
The report also showed that physical theft or loss was the second most common type of breach across the board. A total of 79 incidents occurred, accounting for 27 percent of total breaches. The largest amount of physical breaches took place in the healthcare industry, where 31 incidents comprise 39 percent of such breaches.
Over half of California’s healthcare breaches (55 percent) involved Social Security numbers. However, the most common type of data attacked was health information, which represented 75 percent of healthcare data breaches.
The majority of healthcare data breaches are preventable, according to the report.
“An affordable solution is widely available – full disk strong encryption, to the standard set by the National Institute of Standards and Technology,” read the report. “This is a lesson that must be learned by the health care industry and applied not only to laptops and portable media as we recommended in last year’s report, but also to computers in offices.”
Moreover, desktop computers in offices can be encrypted when shut down at night and decrypted in the morning, the report stated. That way if a criminal breaks in after hours to steal the computer, the data would not be accessible. This solution is possible regardless of a practice’s size, and how many full-time information security and IT staff members are at a facility.
“They owe it to their patients to do it now,” the report said.