Hospitals, pharmacies and health insurance companies are among the hardest hit when it comes to hacker attacks, stolen laptops, spying employees and other information security mishaps.
Healthcare organizations are losing more than just names, addresses and Social Security numbers. When their data gets stolen, patients lose the privacy of their medical conditions, treatments and medications while at the same time falling prey to identity theft, medical billing fraud and other criminal schemes.
Theft of electronic medical records is on the rise, and the implications are getting more serious. In a 2008 survey of identity theft victims, the Identity Theft Resource Center found that 67% had been charged for medical services they never received and 11% were denied health or life insurance due to unexplained reasons.
This is why hospitals like Maimonides Medical Center in Brooklyn are beefing up information security through the use of outside audits and other measures. Walter Fahey, vice president and CIO of Maimonides, says he's never had a security breach and doesn't want one.
"You have to have these outside audits…to validate what your internal people are doing," Fahey says. "It's no different than having Ernst & Young come in and validate your financials. You need validation that you're doing everything you can to improve security and that your people aren't missing anything."
Here's a look at the worst healthcare data breaches of 2009 as recorded by the Privacy Rights Clearinghouse and some of the scary stories behind them.
1. Hacked: Virginia Department of Health Professions
When: April 30, 2009
Patient records at risk: 8,257,378
What happened: More than 8 million personal pharmaceutical records were stolen from the state of Virginia's prescription drug database and held hostage by hackers, who demanded a $10 million ransom. The agency says as many as 531,400 patients had Social Security numbers listed in its Prescription Monitoring Program database, which includes prescriptions for painkillers that are often abused.
2. Robbed: Peninsula Orthopaedic Associates
When: March 25, 2009
Patient records at risk: 100,000
What happened: Three back-up tapes containing information about 100,000 patients were stolen from this Salisbury, Md., medical practice while en route to an off-site storage facility. The stolen data includes Social Security numbers, employer names and health insurance numbers, leaving the victims at risk for medical identity theft. Patients were warned of the incident via letter on April 6, 2009.
3. Hacked: Moores Cancer Center
When: July 16, 2009
Patient records at risk: 30,000
What happened: Moores Cancer Center at the University of California, San Diego, warned patients that a hacker had breached its computers and gained access to patients' personal information. The stolen data includes patient names, birth dates, diagnosis and treatment dates, but not Social Security numbers. The hospital said the incident occurred in late June.