Data Loss Prevention Could Have Prevented Simple Email Mistake at San Diego Hospital that Resulted in Breach of 14,000 Patient Records

Photo by SHUN [iamtekn] “For Big Mistakes” Online Image. 24 January 2009 flickr

A month after announcing it ranked as a top medical facility in the U.S., Rady Children’s Hospital in San Diego had to apologize this week for an email mistake that caused a data breach affecting 14,000 patients. On June 6, an employee at Rady Children’s accidentally emailed a large set of patient data to potential job applicants, who then forwarded the documents to other people. The breach included names, dates of birth, primary diagnoses, medical records and insurance carrier claim information for 14,121 patients. Rady Children’s immediately set up a communication center staffed by 150 employees to call each family impacted. During the investigation, a similar breach was discovered that had occurred a few years ago and impacted an additional 6,000 patients.

Someone should create a bumper sticker that says “Breaches Happen” because the mentality of too many organizations seems to be “Hey, what can we do, it was an honest mistake.” Actually, these mistakes should not be happening at all. Here’s what every hospital should have in its security arsenal to make sure patient data cannot be breached due to human error:

  • Data loss prevention that scans all emails and attachments to prevent confidential data from being sent by mistake
  • Message recall that can wipe a message and attachment from a recipient’s inbox without needing their permission
  • Password protection of documents so an accidental recipient cannot open them
  • Forward and Reply Freeze so messages cannot be passed on
  • Real-time tracking to confirm and prove what actions have been taken on every message

Instead of basking in its first-time ranking in the U.S. News & World Report ratings of medical facilities, Rady Children’s is dealing with the prolonged financial and PR nightmare of a breach. Human error is a controllable risk that every healthcare organization can mitigate. To see how easy it is to protect yourself using data loss prevention, sign up for a free Cirius trial.
