Detroit Medical Center blames data breach on outside agency

  • Iceberg nearly the size of Delaware just broke free of Antarctica

    Iceberg nearly the size of Delaware just broke free of Antarctica

  • Little Caesar on new Detroit arena sparks controversy

    Little Caesar on new Detroit arena sparks controversy

  • Watch: Miles Bridges, Nick Ward, lots of dunks

    Watch: Miles Bridges, Nick Ward, lots of dunks

  • Miguel Cabrera's social media posts highlight crisis in Venezuela

    Miguel Cabrera’s social media posts highlight crisis in Venezuela

  • Human chain formed to save strangers in rip current

    Human chain formed to save strangers in rip current

  • Hotel room keys and other stuff we'll ditch over the next decade

    Hotel room keys and other stuff we’ll ditch over the next decade

  • Down & dirty: Kids get messy on Mud Day

    Down & dirty: Kids get messy on Mud Day

  • Listen to 911 call in Chris Cornell's death

    Listen to 911 call in Chris Cornell’s death

  • What you need to know about black bears in Michigan

    What you need to know about black bears in Michigan

  • Architectural salvage makes Riverfront loft a stand out

    Architectural salvage makes Riverfront loft a stand out

A data breach at the Detroit Medical Center that might affect 1,529 patients was the result of a contract employee turning over information to an unauthorized third party, officials said today.

Since becoming aware of the breach, DMC said the hospital administration has reviewed all electronic health records to which the agency employee had access. It has terminated its relationship with the agency employee, as well as the individual’s access to all DMC computer systems.

Consumers whose data might be at risk were mailed letters and are being offered credit monitoring services through the ALLClear ID Alert Network at no cost, according to the DMC. 

The hotline number related to the breach is: 888-362-3370. 

More at freep.com:

The DMC said the breach involves protected health information for patients seen at a DMC facility between March 2015 and May 2016. 

It said it has filed a complaint with law enforcement concerning the theft of records by the agency staff member and is cooperating fully with an ongoing police investigation. 

The health system said that a staffing agency contracted by the DMC notified the hospital that one of the agency’s employees had turned over information to an unauthorized party, not affiliated with the DMC.

 

Melanie Moss, market director of public relations and external affairs for the DMC, said the breach involved records at all of its facilities — which are Children’s Hospital of Michigan, Detroit Receiving Hospital, Harper University Hospital, Huron Valley-Sinai Hospital, Hutzel Women’s Hospital, the Rehabilitation Institute of Michigan, Sinai-Grace Hospital and DMC Heart Hospital.

Moss declined to say what types of files seemed to be targeted or the types of patients who might be compromised. She said she could not elaborate beyond the press release. 

Cyber security experts say hospitals are increasingly being targeted by criminals who are after medical data — which is extremely profitable on the black market. Hackers try to go after batches of data to obtain Social Security numbers and other data to either use or sell on the dark web.  

“The details are mind blowing at just how much personal medical information is included in some patient files,” wrote Bob Diachenko, chief security communications officer for the Kromtech Security Research Center in a recent blog post. 

Medial data breaches are reported regularly on the MacKeeper security research center blog. 

Diachenko said in an email one of the latest data breaches potentially affects thousands and thousands of patients at Bronx Lebanon Hospital Center in New York.

He said no universal standard appears to exist for medical data security.

“The patchwork of so many different medical billing providers using different methods of storage increases the chances that some providers will use little or no cyber security methods to protect medical data,” Diachenko said.

“Keeping medical data and hospital networks safe from unauthorized access is one of the biggest security threats facing the industry,” Diachenko said. 

Adam Levin, a cyber security expert and author of “Swiped,” said breaches are a certainty in life these days. 

“Protected healthcare data contains a treasure trove of personal information, including Social Security numbers, date of birth and insurance information that hackers could sell on the black market or use to phish the victim and target them for medical, financial, tax-related or even criminal identity theft,” Levin said in an email. 

Levin noted that health care organizations need to make sure that vendors and third parties use the “best cyber hygiene practices.” 

The DMC said it has implemented changes to monitoring programs in order to prevent future breaches. 

Hospital officials expressed regret in a press release issued Thursday that the situation took place. 

“The protection of patient information is of utmost importance to DMC,” the release said. 

Contact Susan Tompor: stompor@freepress.com or 313-222-8876. Follow Susan on Twitter @Tompor. 

Read or Share this story: http://on.freep.com/2uVUbbI

Source