- This topic has 6 replies, 7 voices, and was last updated 2 years, 7 months ago by Saranath.
-
AuthorPosts
-
-
2021-09-22 at 11:13 am #31471Navin PrasaiParticipant
1.Brief description of the story.
Guidehouse, a business consulting service used Accellion FTA service for secure file transfer to Pennsylvania located Lehigh Valley Health Network (LVHN)clients and also for California-based Community Memorial Health System in medical claims billing and collection services. They have found that there was a breach in the Patient’s Health Information(PHI) on March 2021 however the incident happened in late January 2021. Guidehouse instantly terminate Accellion FTA, law enforcement was notified and started conducting investigations for the safety, security, and confidentiality of PHI.2.Impact and Consequences of the data breach.
It is concerned about the safety, security, and confidentiality of a Patient’s Health Information(PHI). LVHN patients’ medical record numbers, account number(s), date(s) of service, diagnosis and procedure name, billing/payer information, and provider names are found by the investigators as data breaches.
3.Occurrence of the data breach
The data breach occurred while using third-party Accellion FTA for file transfer of Lehigh Valley Health Network (LVHN)clients and also for California-based Community Memorial Health System in medical claims billing and collection services.
4.Cause of the data breach
Guidehouse reported that the vulnerability of a third-party file transfer service, Accellion FTA was the cause of the data breach. Poor data encryption, failing to update the software, data misconfiguration can facilitate the vulnerability of the attacks.
5.prevention of this data breach attack
Guidehouse instantly terminate Accellion FTA, law enforcement was notified and started conducting investigations for the safety, security, and confidentiality of PHI. The people who are affected by the data breach are provided for identity protection and credit monitoring service by the vendor for two years. Proper monitoring in data encryption, updating software, using authentic software can prevent data breach attack.
-
2021-09-22 at 8:27 pm #31526Auswin RojanasumapongParticipant
In my opinion, the reputation of the third-party vendor (which includes the latest technology in security and good practice in handling data) is important when choosing vendors to handle health data.
-
2021-09-22 at 9:35 pm #31534Karina Dian LestariParticipant
I agree with Auswin’s comment above that the reputation of the third-party vendor needs to be carefully considered. Moreover, I think it is also important to have a yearly audit and evaluation to ensure that the security implementation is in line with the agreement.
-
2021-09-26 at 6:17 am #31658chanapongParticipant
Choosing a third-party file transfer service is very crucial and is the responsibility of the business. When data breaching occurs, the business and third-party vendors should take along the responsibility for the damage to their patients. To prevent breaching in third party service, regularly re-evaluate their data security and disaster plan is the top priority, not just the beginning of the contract.
-
2021-09-26 at 2:00 pm #31662Pisit SaiwangjitParticipant
Thanks for sharing your thought, I really appreciate it. I think the third-party service is somehow risky because you never know what their privacy and confidentiality measures so it would be better if we could inspect their reputation and reliable before using their services.
-
2021-09-26 at 10:33 pm #31673Anawat ratchatornParticipant
Thank you for sharing.
In my opinion, other than evaluation the vendor’s policy about cybersecurity at the beginning of implementation, it is necessary to continuously evaluate the policy and real action during implementation and also after the project is already implemented. -
2021-09-29 at 9:19 pm #31724SaranathKeymaster
Thanks everyone for sharing!
-
-
AuthorPosts
You must be logged in to reply to this topic. Login here