information governance program paper
Privacy and Security Considerations for Information Governance
find an example of a security breach that compromised data records at a company in the healthcare industry. Summarize the breach, discuss the data that was lost and identify security controls that you would recommend being in place
The American Medical collection Agency breach in 2019 total 25 million patients.
The protection of personally identifiable information is a core focus of information Governance efforts (Smallwood, 2014). The American Medical collection Agency (AMCA) breach in 2019 is the biggest data breach in the healthcare industry ever. A breach of this size is a good reminder to HIPAA entities that health information remains the target of primary cyberattack.
Toward the beginning of May 2019, an 8-K filing with the Securities and Exchange Commission uncovered charging administrations seller AMCA Agency was hacked for a very long time between August 1, 2018 and March 30, 2019 (Jennings, 2019). Since the breach was uncovered, six covered entities have reported their patient information was undermined by the hack in the event. Notwithstanding, most of the affected providers are still proceeding to investigate the breach's extent, so the aggregate sum of influenced patients will be unknow for a significant length of time.
Up until now, up to 12 million patients from Quest Diagnostics and other clients are known to be affected. The hacked framework incorporated a trove of personal and monetary information from the lab testing goliath, including Social Security numbers and clinical data. Additionally, up to 7.7 million LabCorp patients were affected, as well as 422,000 patients of BioReference. As of late, two more covered entities have been added to the count: Penobscot Community Health Center in Maine with 13,000 influenced patients and Clinical Pathology Laboratories with 2.2 million patients (Revenuecycleadvisor.com, 2019). Also, a sixth provider, Austin Pathology Associates, revealed at least 46,500 of its patients were affected by the breach. Not long after, seven more covered entities announced they also were affected: Seacoast Pathology, Natera, American Esoteric Laboratories, CBLPath, South Texas Dermatopathology, Arizona Dermatopathology, and Laboratory of Dermatopathology ADX. Altogether, over 774,640 patients have been added to the breach by these covered entities (Natera did not reveal the number of its patients were affected), bringing the absolute number of affected patients to in excess of 25 million (Davis, 2019). AMCA's parent organization, Retrieval-Masters Creditors Bureau, has since filed for bankruptcy, while the charging merchants, Quest and LabCorp are also confronting various investigations and lawsuits.
Explanation:
At present, the AMCA occurrence is the most significant healthcare information breach yet. The known victims tally from the American Medical Collection Agency (AMCA) information breach has risen to nearly 25 million. Upon this revelation, Inform Diagnostics suspended AMCA benefits and started an investigation. The breached information included both personal and payment data. The breached information differed by tolerance and did exclude actual lab test results; 173,617 patients were included in the hacked data, as per the Department of Health and Human Services' breach reporting tool.
CompuNet clinical laboratories, another victim, took in of the break from AMCA authorities. AMCA gave charging assortment administrations to CompuNet through a joint endeavor accomplice, Quest Diagnostics. Also, authorities said they are effectively finding a way to recover and get all CompuNet information put away in AMCA's frameworks. AMCA, Quest, and LabCorp are under investigation for their response to the breach, and a few patients remembered for the break have just recorded claims.
Wisconsin Diagnostic Laboratories (WDL) is another medical services organization affected. An organization of 13 clinical testing offices in and around Milwaukee, is advising 114,985 patients that a portion of their secure health data was undermined in the AMCA data breach. AMCA informed WDL that a portion of its patients' information had been disclosed because of a web installment entry hacking (Alder,2019). The types of information in the AMCA frameworks included personal, payment data, and other clinical data related to the service provider by WDL. A set number of people additionally had their financial data compromised. Those people have been notified directly by AMCA. The only patients affected by the breach were those who had outstanding bills that had been passed to AMCA for collection. As has been the situation with different customers affected by the breach, WDL has stopped working with AMCA and has been working to ensure all patient data is recovered and secure. WDL is the 23rd healthcare organization to confirm it has been affected by the AMCA breach. Provisional figures demonstrate 24,911,500 people have been affected by the breach.
This example starkly demonstrates that network security is essential to prevent intrusions of sensitive and controlled personal data. Encryption is the best way to protect patients' data from being accessed if a breach occurs. Encryption must be used both at rest and in transit and third-party vendors can access the network or database of healthcare information that needs to deal with patients' data appropriately.
Reference
Alder, S. (2019, August 28). AMCA Data Breach Total Nears 25M as Wisconsin Diagnostic Laboratories Confirms 115K Record Breach. HIPAA Journal. https://www.hipaajournal.com/amca-data-breach-total-nears-25m-as-wisconsin-diagnostic-laboratories-confirms-115k-record-breach/
Davis, J. (2019, August 2). The 10 Biggest Healthcare Data Breaches of 2019, So Far. Health IT Security.
https://healthitsecurity.com/news/the-10-biggest-healthcare-data-breaches-of-2019-so-far
Jennings, J. (2019, Jul 26). Inform Diagnostics Statement Regarding AMCA Data Breach. Business Wire.
https://search.proquest.com/wire-feeds/inform-diagnostics-statement-regarding-amca-data/docview/2264211668/se-2?accountid=10378
Revenuecycleadvisor.com. (2019). Biggest healthcare data breach of 2019 shows health data still
highly valuable to cyberattackers. Briefings on HIPAA, 19(7), 4–6
Smallwood, R. F. (2014). chapter 2. In Information governance: concepts, strategies, and best practices
(p. 20). John Wiley & Sons