Local Security Breach: UW Patient Information

Last month, the UW Heath system announced that a breach had been made of their patient information. If you missed it:

An unauthorized person gained access to information about 2,036 UW Hospital patients in March, a spokeswoman said Thursday.

While the breach didn’t include patients’ Social Security numbers, health insurance information or other financial information, it did include files on patient names, addresses, dates of care, reasons for visits, medical history and conditions, medications, diagnostic results and/or social history, among others.

The March 16 incident was discovered by UW Hospital on March 28, spokeswoman Lisa Brunette said.

The person accessed the information through an employee’s email. Once discovered, UW Hospital started an investigation, disabled the employee’s email and reset the password, Brunette said.

UW Hospital is sending letters to a group of patients about the incident and has set up a call center to answer patient questions, she said.

Businesses and organizations big and small are susceptible to cyber attacks. This will be a particularly expensive incident for the UW, especially when you consider HIPPA fines and the cost to recover these records. What’s most worrying is that it is typically an individual within an organization that poses the most risk for an attack like this. A malicious email, opened and a link clicked. Or a phone call to an unsuspecting employee, prompting them to screen share and log into a database. Did you know that most breaches go fully undetected and completely unknown for 146 days?

Here’s a few more startling facts about breaches:

  • The average cost of lost business was $1.57M in 2015. Up from $1.33M in 2014.
  •  1 in 5 organizations suffers a mobile security breach, primarily driven by malware and malicious Wi-Fi
  • The average cost paid for each lost/stolen record containing sensitive or confidential information was $154.

Are you worried about your environment? Have you considered your security posture recently? Our staff security experts can offer you a 360°  view into your environment and offer actionable solutions to your vulnerabilities. In light of this recent and local attack, we’d like to offer a 25% discount on our security assessment.

For more information about the assessment, or to get one scheduled for your environment navigate here:  http://itprosusa.com/security-assessment

ps. We also offer training for staff in recognizing and protecting themselves from attacks. This includes a series of fake phishing emails sent by us, training for your team, and then another round of phishing emails and reporting. It’s a great exercise for your team and has proven very successful!