- This topic has 10 replies, 11 voices, and was last updated 3 years, 7 months ago by Kridsada Sirichaisit.
2020-09-26 at 10:48 pm #22791 Khaing Zin Zin Htwe Participant
1. Brief description of the story
On 29th January 2018, Middletown Medical, based in New York, discovered a flaw in the security setting of its radiology interface, breaching more than 63,500 patient records. Although it was fixed the next day, officials could not estimate how long the data was exposed.
The breached data contained types of data which can be used for medical fraud, including patient names, identification numbers, birth dates, and types and dates of received radiological services. It was stated that social security numbers and financial data were not breached; however, diagnosis codes, radiological images and reports were included for some patients, which are sensitive data.
2. Impact/Consequences of the data breach
Impact on the provider
– Additional cost to offer free medical service to patients as a form of indemnity
– Decline in reputation of the center
– Unauthorized modification of the database leading to incorrect health data
Impact on the patients
– Stolen clinical identification number used for billing for care and filling prescriptions
– Social discrimination if the medical status of the patient, e.g., TB, was exposed to the public
– Harm to physical wellbeing of the patient
– Anxiety and other mental health issues of the patient if he/she is sensitive about his/her medical condition being exposed
3. How the data breach occurred
The center left a radiological interface open to the public, exposing patient data in the process.
4. Main cause of the data breach
It was a database misconfiguration which caused the data breach. Misconfigured databases are generally due to an ill-defined security framework which lead to pathways for those with malicious intent.
5. Prevention of this type of attack
By employing these security measures, this type of data breach attack could be prevented:
– User account management with strong policy
– Encryption of data
– Regularly updating the applications
– Firewall protection
– Monitoring vulnerabilities in the database/application and imminent attacks
-
2020-09-27 at 8:02 am #22805 Sittidech Surasri Participant
Great information, especially on the impact/consequences of the data breach that you have mentioned about cost.
-
2020-09-28 at 2:27 am #22819 Wachirawit Supasa Participant
I agree with you and I’d like to add a prevention method: using an internal registration number such as a Radiology Number instead of the Hospital Number. For example, when patients come to the radiology department, they will be assigned these numbers, which are associated with the Hospital Number. If this data breach happens again due to other technical failures, the data will only consist of the Number and Radiology Finding, while patient names, identification numbers, and birth dates will not be included because they are stored in another database, making it harder to identify the specific patient.
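
The separation described in the post above, as an added example that is not part of the original post: the radiology store holds only a Radiology Number and the finding, while identifiers and the number mapping live in a separate identity store. Table names, the `RN-` format and the sample record are assumptions made for illustration.

```python
import secrets
import sqlite3

def open_stores():
    """Two separate databases: identity (restricted) and radiology (behind the interface)."""
    identity = sqlite3.connect(":memory:")
    radiology = sqlite3.connect(":memory:")
    identity.executescript("""
        CREATE TABLE patient (hospital_no TEXT PRIMARY KEY, name TEXT,
                              national_id TEXT, birth_date TEXT);
        CREATE TABLE rn_map  (radiology_no TEXT PRIMARY KEY,
                              hospital_no TEXT UNIQUE NOT NULL);
    """)
    radiology.execute("CREATE TABLE study (radiology_no TEXT, modality TEXT, finding TEXT)")
    return identity, radiology

def assign_radiology_no(identity, hospital_no):
    """Return the patient's Radiology Number, creating a random one on first visit."""
    row = identity.execute("SELECT radiology_no FROM rn_map WHERE hospital_no = ?",
                           (hospital_no,)).fetchone()
    if row:
        return row[0]
    rn = "RN-" + secrets.token_hex(8)  # random, so it cannot be reversed to the Hospital Number
    identity.execute("INSERT INTO rn_map VALUES (?, ?)", (rn, hospital_no))
    return rn

def exposed_rows(radiology):
    """Everything an open radiology interface could return."""
    return radiology.execute("SELECT * FROM study").fetchall()

def reidentify(identity, rn):
    """Only someone with access to the identity store can map a finding to a person."""
    return identity.execute(
        "SELECT p.hospital_no, p.name FROM rn_map m JOIN patient p "
        "ON p.hospital_no = m.hospital_no WHERE m.radiology_no = ?", (rn,)).fetchone()

def demo():
    identity, radiology = open_stores()
    # Constructed sample record, not real patient data.
    identity.execute("INSERT INTO patient VALUES (?, ?, ?, ?)",
                     ("HN-000123", "Sample Patient", "ID-9990001", "1980-01-01"))
    rn = assign_radiology_no(identity, "HN-000123")
    radiology.execute("INSERT INTO study VALUES (?, ?, ?)", (rn, "CXR", "No active lesion"))
    return identity, rn, exposed_rows(radiology)

if __name__ == "__main__":
    identity, rn, leaked = demo()
    print("exposed:", leaked)
    print("with identity store:", reidentify(identity, rn))
```

The split only helps if the identity store is not reachable through the same interface or credentials as the radiology store.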
-
2020-09-29 at 10:54 pm #22864 Phone Suu Khaing Participant
Thanks for the interesting explanation of the case study!
I really like the way you explained the impact! I would also say that we should always do a risk assessment for data security and should always have a contingency plan.
-
2020-09-30 at 12:51 am #22873 Ornpicha Thiampol Participant
Thanks for sharing. You describe the effect on the provider and patient clearly. The patients’ data are sensitive, so they should provide more security.
-
2020-09-30 at 5:08 am #22883 Saravalee Suphakarn Participant
Thank you for the explanation. I agree with all of your prevention plan and I agree with Dr. Saranath’s comment that it is challenging to balance data security and data utilization. In my opinion, in this case, system security such as anti-spyware, firewall protection, etc., and software security, which should be updated and tested for performance, are important for prevention.
-
2020-09-30 at 6:54 am #22884 Navinee Kruahong Participant
You made really good points on the circumstances of the data breach, which separated providers’ and patients’ impacts. You also gave many good prevention measures. I would like to add that data security policy/regulation is really important in this case. It will ensure that a hospital has a good plan to use and secure patients’ data, and also a method to solve a problem responsively when a data breach occurs.
-
2020-10-02 at 2:20 am #22915 Kaung Khant Tin Participant
Thank you so much for this informative report. I agree with your preventive measures. And Dr. Saranath’s comment, “Balancing between data security and data utilization”, is worth noting. Thank you all.
-
2020-10-06 at 10:18 pm #23070 Naphat Participant
Preventing a data breach is very important, because it may affect the data subject and also others who are not related to it.
-
2020-10-20 at 11:34 pm #23441 Kridsada Sirichaisit Participant
This problem may come from availability and security. Physicians want to access PACS from home or other places outside the hospital, for convenient access to data and for timeliness in some situations such as fast-track cases. A VPN can be used to solve this problem: to access PACS from outside the intranet, one must connect to the VPN to receive an intranet IP, and this way access to the VPN can be logged, both IP address and user account.
-