Private Investigation And Security News

The Importance of Encryption

On July 15, 2013, the Park Ridge offices of Advocate Medical Group were breached.  Four items were stolen.  What were those four items?  Computers.  Four unencrypted computers that held information for more than 4 million patients. 

Kelly Jo Golson, senior vice president and chief marketing officer for Advocate Health Care, based in Downers Grove, Illinois, states “it wasn’t the level of information that’s included in a full medical record” and that data was used for “operational and administrative purposes.”   However, it has been revealed that the stolen data includes names, addresses, dates of birth, and Social Security numbers.  Is that not vital patient information? 

The breach at Advocate Medical Group is the second largest reported HIPPA violation.  Thieves that have access to such vital data can use that in many different ways criminally: identity theft, credit card fraud, Medicare and Medicaid fraud, as well as other insurance frauds.  This does not even get into the medical information that was revealed that may be used to blackmail or extort a person. This breach is more than just a HIPPA  violation; it can be used to incriminate or embarrass a person.  This breach can ruin peoples’ lives.

One may question, how could this happen?  Aren’t there security measures that are in place to protect us and our personal information?  There were supposed to be.  Golson stated that there were programs put in place in 2009, after an unencrypted laptop was stolen with over 800 patient records, to encrypt “all new laptops and all old ones that were able to be encrypted.”  Apparently this goal was not met by Advocate Medical Group. 

Unfortunately, this could have been prevented if the computers were encrypted. 

So what is Advocate Medical doing to put their patients’ minds at ease? 

According to Golson, “we established the call center, we set up the website.”  Advocate Medical also sent out over 4 million letters to the patients whose information was on those computers  as well as beefed up security at their administrative office in Park Ridge, Illinois. They also are offering a free one-year subscription to a credit monitoring service to the affected patients.  Is that enough?  What happens after that year of credit monitoring?  I can only presume that these victims will continue to use this credit monitoring service – at a cost of course.  But here is a free piece of advice.  You can accomplish the same peace of mind on your own – for roughly as much as a credit monitoring service will cost per month.  Call the three credit services and lock your credit.  No one can open a credit card, line of credit, or take out a loan.     

After a breach such as this, all organizations (in or out of the medical field) need to seriously consider encryption.  In businesses dealing with sensitive and private information, such as law firms, accounting firms, and medical offices, it is important to make sure the data is safe.  Teach your staff to encrypt information to protect your clients and your business.  It seems like a daunting task, however it is a simple process often just requiring an additional password.  At Maley Investigations, Inc. we can help protect you and your business so this does not happen to you.