HealthCare.gov Breach: The Ripple Effect - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Comments
HealthCare.gov Breach: The Ripple Effect
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
Ed Telders
50%
50%
Ed Telders,
User Rank: Apprentice
9/8/2014 | 12:35:58 PM
Re: 276 Breaches
Actually that is not quite accurate.  Breaches of over 500 must be reported quickly to the HHS and no later than 60 days after it's discovery.  But breaches of under 500 are still required to be reported, the difference is that is must be reported within 60 days after the end of the calendar year in which it is discovered.  They simply have more time to report, and if there are a series of them they would be reported in a batch together.  So it does have to be reported but it is not in a timely manner, it is after the end of the calendar year.
David F. Carr
50%
50%
David F. Carr,
User Rank: Author
9/8/2014 | 12:29:07 PM
Just a test server, but ...
The one reason I can see why the hacking of a test server should be of concern is that it potentially gives an attacker insight into the technical architecture that would also be used on live servers, providing a roadmap for attacks on them.

Otherwise, I can't see this as much of a hair on fire moment. It's not really a "breach" at all, just a garden variety dumb mistake.
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
9/8/2014 | 11:02:00 AM
Re: 276 Breaches
Yes. It is a healthcare rule, which can be found under the HHS website. You can copy/paste the link, below, to see the so-called Wall of Shame and rules surrounding reporting of healthcare breaches. http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

 
progman2000
50%
50%
progman2000,
User Rank: Ninja
9/8/2014 | 10:41:21 AM
Re: 276 Breaches
Ew, that's disturbing.  I have never heard that before (a breach doesn't need to be reported unless it affects more than 500 people).  Is that a Healthcare thing?
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
9/8/2014 | 9:47:12 AM
Re: healthcare breaches
I agree, @Paul, that it's not the first -- or fifth or sixth -- consideration many of us have when choosing a doctor! But I think, at some point, it could well make the list when people select a hospital. Sure, many experts say consumers are getting numb to breaches but I believe anger will occur after numbness, and that anger could well crop up with healthcare providers since we sometimes have so little choice in their selection once you go through the insurance hoops. 
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
9/8/2014 | 9:41:45 AM
Re: 276 Breaches
You are correct, @PaulS681: Breaches don't have to be reported unless they affect more than 500 people. So if your doctor's office loses a drive that, say, contains records of 467 people, s/he doesn't need to report that... even if it happens 10 times in a month.
PaulS681
50%
50%
PaulS681,
User Rank: Ninja
9/6/2014 | 1:31:48 PM
276 Breaches

There were 276 beaches last year but how many go unreported? I thought I read somewhere that it depended on the severity of the breach if it needed to be reported or not. I could be wrong but if there is any truth to that that is ridiculous.

PaulS681
0%
100%
PaulS681,
User Rank: Ninja
9/6/2014 | 1:28:45 PM
healthcare breaches

It's alarming how many breaches there continues to be. It's a good point about people not being so quick to switch doctors due to a breach. I can't imagine picking a doctor by how few breaches an office has had.

 

<<   <   Page 2 / 2


State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Commentary
IT Salary Report 2020: Get Paid What You Are Worth
Jessica Davis, Senior Editor, Enterprise Apps,  2/12/2020
Slideshows
10 Analytics and AI Startups You Should Know About
Cynthia Harvey, Freelance Journalist, InformationWeek,  2/19/2020
News
Fighting the Coronavirus with Analytics and GIS
Jessica Davis, Senior Editor, Enterprise Apps,  2/3/2020
Register for InformationWeek Newsletters
Video
Current Issue
IT Careers: Tech Drives Constant Change
Advances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll