« Business Continuity

Data breach recovery aided by business continuity planning

Women and Infants Hospital reported a data breach earlier this week when it was discovered that 14,000 patients' ultra sound photos and other personal information went missing.
Women and Infants Hospital reported a data breach earlier this week when it was discovered that 14,000 patients' ultra sound photos and other personal information went missing.

More medical facilities are becoming reliant on electronic medical records (EMRs) and are working toward a full transition to technological systems. Along with EMRs, there is electronic prescription software and ICD-10 implementation – a comprehensive database of diseases and injuries.

With such a push for technical adaptation, healthcare organizations need to ensure that they conduct a comprehensive risk assessment to create a business continuity plan that accounts for online threats. The same way that other companies don't want to put customers at risk of identity theft, hospitals want to keep patient data secure.

The Boston Globe recently reported on one incident of compromised information. Women and Infants Hospital announced on Monday that ultrasound images and personal data for about 14,000 patients who visited facilities in Rhode Island and Massachusetts years ago have disappeared.

According to the source, back in September, the hospital noticed that it couldn't find unencrypted backup tapes containing ultrasound images for patients who visited walk-in facilities in Providence and in New Bedford, Massachusetts. Affected individuals have been notified by letters and a help-line was created to answer any questions.

Along with the missing images were names, birth dates and in some cases, Social Security numbers. Officials added that, just to be cautious, Women and Infants is offering free credit checks for one year to patients who might have had their information exposed.

The hospital said it would take "specialized equipment and technical expertise" to access the information and that it has taken steps to prevent further loss of records.

While it's crucial to work toward quick business resumption, and reassure customers or patients that any data breaches will be resolved without hassle, a comprehensive business continuity plan will ensure it runs smoothly. A consultant trained in small business disaster recovery will properly train all employees so an organization can work towards prevention – and when necessary – recovery.