- This topic has 7 replies, 5 voices, and was last updated 1 year, 6 months ago by ABDILLAH FARKHAN.
2022-09-17 at 2:09 pm #38136 ABDILLAH FARKHAN Participant
Novant Health Notifies 1.3M Patients of Unauthorized PHI Disclosure Caused by Meta Pixel
1. Short Description: A leading healthcare professional based in North Carolina, named Novant Health, had reported an unauthorized disclosure of public health information (PHI). Its new project was a web-based application called My Chart, which was launched in May 2022 to facilitate patient and physician appointments by filling in an e-form. As the website used the pixel cloud service provided by Meta (the parent of Facebook), there was a security problem at the moment this app was applied. The problem caused 1.3 million patient databases to be potentially disclosed and transmitted to Facebook and Meta without any license.
2. There were three important consequences of the problem:
a. First, the PHI disclosure meant that over 1 million patients recorded on the My Chart portal were potentially breached, because all of that was transmitted to Facebook. The sensitive data included contact information, appointment details, computer IP address, and information entered in the free text boxes.
b. Second, Meta as a cloud vendor was facing backlash and many lawsuits in which its privacy, confidentiality, and security had been questioned.
c. Third, Novant Health needed to notify all potentially impacted patients of the data breach occurrence to ensure organizational transparency.
3. This problem happened as the result of failures of data configuration in the Pixel Cloud. Pixel is a piece of JavaScript code that has the ability to track website visitors' activity. The tracker is present within password-protected patient portals. When the patient clicked a button to make an appointment on a doctor's schedule, the data were allegedly sent to Facebook. As a result, Facebook and Meta received the patient's information through the user's unique IP address.
4. Although the main cause was incorrect database configuration within the Meta Pixel Cloud, the root cause of this matter was unawareness of any improper use operated by Novant Health.
5. To prevent this unauthorized PHI disclosure, several steps that might be taken are:
a. Enforcement of human capacity, including training for the Novant Health database operator. The training should be specific to cloud computing operation and data security.
b. Novant Health should identify the business process that requires computer operation and network utilization, then develop the standard operating procedure for any activities related to that business process.
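The tracker behaviour described in point 3 can be checked for from the defender's side. The Python sketch below is an added example, not part of the original post and not code from Novant Health or Meta: it audits a saved portal page for third-party hosts that the browser would contact, including hosts named inside inline loader scripts. The hosts `portal.example.org` and `static.example.org`, the sample page and the pixel ID placeholder are constructed assumptions; `connect.facebook.net/en_US/fbevents.js` and `www.facebook.com/tr` are the publicly documented Meta Pixel script and beacon locations.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the hosts the portal itself serves from (hypothetical names).
FIRST_PARTY = {"portal.example.org", "static.example.org"}
SRC_TAGS = {"script", "img", "iframe"}  # tags whose src makes the browser call a host
# Constructed sample of an appointment page; the pixel ID is a placeholder.
SAMPLE_PAGE = """<html><head><script src="https://static.example.org/app.js"></script>
<script>var s = document.createElement('script');
s.src = 'https://connect.facebook.net/en_US/fbevents.js'; document.head.appendChild(s);</script>
</head><body><form action="/appointments"><textarea name="reason"></textarea></form>
<img height="1" width="1" src="https://www.facebook.com/tr?id=PIXEL_ID_PLACEHOLDER&amp;ev=PageView">
</body></html>"""


class ThirdPartyAudit(HTMLParser):
    """Record every non-first-party host a page loads from or names in inline code."""
    def __init__(self, first_party):
        super().__init__()
        self.first_party, self.findings, self._inline = first_party, set(), False

    def _note(self, kind, url):
        host = urlparse(url).hostname
        if host and host not in self.first_party:
            self.findings.add((kind, host))

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in SRC_TAGS and src:
            self._note(tag, src)
        self._inline = tag == "script" and not src  # inline script body follows

    def handle_endtag(self, tag):
        self._inline = False

    def handle_data(self, data):
        # Loader snippets inject the real script at runtime, so scan string literals.
        if self._inline:
            for token in data.replace('"', "'").split("'"):
                if token.startswith(("https://", "http://", "//")):
                    self._note("inline-script", token)


def audit(html, first_party=FIRST_PARTY):
    parser = ThirdPartyAudit(first_party)
    parser.feed(html)
    parser.close()
    return sorted(parser.findings)
```

Calling `audit(SAMPLE_PAGE)` lists the image beacon host and the host named by the inline loader; run over pages saved from an authenticated session, any non-empty result is something to review before release.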
2022-09-18 at 5:35 pm #38146 Kansiri Apinantanakul Participant
Thank you for sharing!
Your report is very comprehensive. Please allow me to add my idea.
I think maybe the application developer should implement a process check, especially in the data transmission process. There should be established SOPs to prevent the release of application update patches that may cause the same errors.
2022-09-19 at 7:53 am #38154 ABDILLAH FARKHAN Participant
I agree. Cloud system checking is important before it is launched. Even more, Meta is one of the reputable IT companies in the world which has already gained public trust.
Thank you for your kind response.
2022-09-19 at 9:51 am #38158 PREUT ASSAWAWORRARIT Participant
Thank you for sharing such an interesting story.
This is the risk of using a cloud-based system, where we have to send the data to be stored on the cloud server. If the organization has enough budget and personnel, trying to get an infrastructure-based system is another method to control the information.
Thank you.
2022-09-19 at 10:16 am #38159 ABDILLAH FARKHAN Participant
Totally agree with you, brother. A health provider with over 1 M patients is considered a large-scale organization, and they should implement IaaS as the best choice for cloud computing rather than purchasing the software from Meta. Data security and privacy ought to be the primary concern.
Thank you.
2022-09-24 at 3:18 pm #38303 Saranath Keymaster
Thanks!
2022-09-25 at 2:56 pm #38344 SIPPAPAS WANGSRI Participant
I don't mean to discredit Meta in any way, but it occurs to me that Meta or Facebook is a very infamous company regarding privacy issues. When providing health care service, trust no one to handle such sensitive and confidential information, and avoid using third-party integration as much as possible, as we do not know what kind of source code is embedded in our service.
2022-09-26 at 9:33 am #38352 ABDILLAH FARKHAN Participant
Thank you for sharing.
For me, having only experienced Google Drive and Dropbox for storing data, your valuable story will become a consideration for my ideal future in selecting the types and vendors of Cloud Technology.