University Hospitals has sent letters to more than 7,100 patients letting them know that their personal medical information may have been exposed when a hard drive was stolen from a third party vendor's car in August. (Bill Gugliotta/The Plain Dealer)
As an IT expert specializing in IT data protection and disaster recovery, it's infuriating to read about debacles like this.There is absolutely NO EXCUSE; this is very basic IT 101. United Computer Group recently completed a very successful operating system upgrade for a different local hospital. As a result, their patient data and their reputation will not be compromised. It is imperative, and I strongly encourage UH to quickly do their due diligence.
Drive stolen on August 8th, data from 19 computers, taking their time to determine exact information on the drive, NOT encrypted. Now engaged with an IT Security firm? Do they think this was a "random" act? A lot of questions here and plenty of blame to go around. So much for HIPAA.
After I fired the IT person(s) responsible, I'd recommend speaking with Cleveland, OH based Jurinnov jurinnov.com
Compliance for Healthcare Organizations is the LAW. Find out more at vault400.com.
Jim Kandrac, Founder and President
United Computer Group, Inc.
ucgrp.com
It is hard to believe that even the basic security protection was not in place.
ReplyDelete