Malware Possibly Exposed PHI of UMass Patients
According to UMass (University of Massachusetts) at the University Health Services of Amherst (USA), a computer contaminated with malware may've put the PHI (protected health information) of certain patients in danger, back in 2010. Cmio.net reported this on March 9, 2011.
Incidentally, University Health Services (UHS) is the in-house health center of the University, providing care, knowledge and referral facilities to pupils, teachers and staff.
Actually, malware got inadvertently loaded onto the UHS computer on June 30, 2010 causing widespread infection onto the user files. Consequently, information comprising full names, codes of medical records, and names of health insurance firms remained potentially in danger.
Additionally, data relating to prescriptions issued during January 2-November 17, 2009 along with dispensed medicines' names, names of dispensing pharmacies, period of the prescriptions' lasting, doctors' names, was likely hijacked.
Reportedly, details concerning 942 patients were compromised. But, on October 28, 2010, the University spotted the malicious program, which it shortly removed. Moreover, following an investigation thereafter that finished on February 1, 2011, the problem got confirmed.
Stated a Spokesman, according to the rules concerning security violation notifications, organizations must inform patients, who became affected, about the problem in 60-days from its finding. So the University considered February 1, 2011 as the beginning of the 60-day period since the investigation finished on that day, while believing they abided with the law, he added. Healthdatamanagement.com published this on March 9, 2011.
But unlike organizations, which usually offer a service of credit protection free-of-cost, UHS isn't providing this service since there's been considerable loss of clues for establishing that information actually got replicated from the University Health Services computer.
States the spokesman, according to University lawyers, it was best that people carefully watched their dealings as also remained vigilant.
Finally, it's because of the above kinds of patient data compromises that Ponemon a research company highlighted within its "Benchmark Study on Patient Privacy and Data Security" paper of November 2010 that such compromises meant a yearly loss of $6bn to healthcare organizations, and that several such security violations remained unidentified, even while the healthcare sector strived for safeguarding confidential medical records.
Related article: Malware Authors Turn More Insidious
» SPAMfighter News - 21-03-2011