LA Times: “Altogether, 16,288 patients’ information was taken from the home of a physician whose house was burglarized on Sept. 6, according to the UCLA Health System.
The data were on the physician’s external hard drive, officials said. Though the hard drive was encrypted, a piece of paper with the password was nearby and is also missing. The physician notified UCLA the next day and officials began identifying patients affected.”
I am continuously amazed at the number of security breaches involving patient healthcare information caused by careless use of portable storage media like external hard drives, flash drives, and even laptop hard drives. Patient information should never be stored or transported this way. I believe that utilizing cloud computing with simple browser access is a much better solution.
What makes this particular incident so bad is the cause; reckless behavior by a physician. This wasn’t UCLA’s fault, per se. Sure, the medical center must accept a share of the responsibility, the lion’s share of the blame falls in the lap of the physician. Not only did the physician have sensitive patient information on an external hard drive, but was dumb enough to have the password to access the drive on a piece of paper next to it. Kind of defeats the purpose of encryption and passwords, doesn’t it.
For an eye-opening look at the magnitude of data loss and security breaches drop by DataLossDB.org sometime. It’s scary stuff.