The data breach occurred after an employee’s notebook was taken from his locked car. Unfortunately, that computer contained a goldmine of exploitable information, including patient names and addresses, dates of birth, Social Security numbers, medical record numbers, insurance information and, Cancer Care said, possibly even clinical data about treatments. Employee data was also on the laptop.
Cancer Care said it has warned its patients and employees, who could now be the targets of banking fraud or identity theft.
“Cancer Care Group has taken a number of steps to help keep this from happening in the future,” said spokesman Clyde Lee, in a statement. “Cancer Care Group is encrypting all mobile media, updating policies and procedures, upgrading data storage technology, and re-educating our workforce on safety with mobile media.”
The physician group is one of the largest privately owned radiation oncology programs in the US, with 21 locations throughout the state of Indiana. The breach is the latest in a string of healthcare-related information thefts, and the fourth-largest to date in 2012, according to HealthCareIT News.
The Utah Department of Health claims the dubious honor of the most patient records compromised, with 780,000 people, followed by Emory Healthcare (315,000 records) and the South Carolina Department of Health (228,000).
Sadly, healthcare organizations lack proper preparedness for breaches. A recent survey by BridgeHead Software found that only one-quarter of healthcare organizations have robust disaster recovery plans in place for their patient data.
While 64% of respondents said their organizations had some kind of disaster recovery strategy in place, the majority (38%) had never been tested.
“There is a lack of robust disaster recovery planning, despite the fact it appears to be a fundamental requirement for healthcare IT professionals,” said Jim Beagle, CEO at BridgeHead.
“The situation is only going to get worse as…the datasets get larger and larger; this whole issue is becoming a growing problem for healthcare professionals”, Beagle told Infosecurity.
Sadly, the trend is a growing one. More than 70% of healthcare providers suffered patient data breaches last year, according to a survey by consulting firm Veriphyr.