Saint Francis Health System Alerts Customers And Patients On Possible Data Breach

By Author: eccuni
Total Articles: 211
Comment this article

Information security is crucial for retaining trust of stakeholders and ensuring undisrupted business operations. However, various factors such as burglary, lapses in information security mechanisms, flaws on website, vulnerabilities in software, and attacks by cybercriminals, insider theft and inadvertent errors by employees cause data exposure. Recently, Saint Francis Health System reported security breach at its hospital in Broken Arrow, Oklahoma. The breach was allegedly caused by a theft of a computer system, last used in 2004. The computer contained names, addresses, date of births, billing information, social security numbers, and diagnosis codes pertaining to around 84,000 patients. The stolen computer also contained information such as date of births, social security numbers, salary details and mailing addresses of employees. Ironically, the computer system is reported to be stolen from a secured room. Counter crime agencies are currently investigating the incident. Hospital authorities have initiated an internal enquiry and have also started the process of notifying the affected customers and employees. While the ...
... company has not received information regarding misuse of information, offenders having access to the data may abuse them for malicious purposes such as misrepresentation, identity fraud, fake loan applications, extortion and other criminal activities.

Security breaches and data theft may have manifold implications for both individuals and organizations. Lack of awareness among employees may result in lax attitude leading to security breach incidents. Regular training sessions, online IT courses and e-learning programs could help in creating security awareness among employees.

Organizations must have proper network security as well as physical security mechanisms in place to avoid security breaches. Computers containing privileged information pertaining to the customers and the business could be separated from those used for conducting routine operations. All systems must be password protected to restrict access to the concerned employee and prevent unauthorized access to other users. Computer systems no longer in use must be password protected and kept in a locked room at a secured location in the organization premises. Access to such rooms must be restricted to a few authorized employees. Computers and other IT devices must be properly numbered and accounted for in the inventory. Old and excess computers and IT devices are often disposed through auction or direct sale. However, hard drives may contain sensitive information, which could be retrieved after they are discarded. As such, hard drives must be appropriately degaussed before their disposal. IT employees must be encouraged to keep themselves updated on the latest threats and protection mechanisms through webinars and online IT degree programs.

Saint Francis has offered one year credit protection to the affected customers and employees. The company has also set up a 12-hour information line for resolving queries. The affected individuals may place a fraud alert on the credit file to ensure additional verification by banks and credit institutions prior to sanctioning of loan. They must also verify their bank and credit card accounts for any unauthorized transactions.

Sophisticated threats in the IT environment have resulted in increased demand for professionals qualified in IT degree programs, computer forensics, security audit and other certifications.