« Business Continuity, Disaster Recovery

Sutter Health hospitals suffer data breaches again

Hospitals should have programs in place to defend patients' information from data breaches.
Hospitals should have programs in place to defend patients' information from data breaches.

The healthcare industry has added many technological changes in recent years. One of the largest adjustments has to be leaving paper records behind and embracing electronic heath records (EHRs). Last month showed that over 50 percent of doctors and 80 percent of hospitals are actively using EHRs, according to the Washington Post.

Medical professionals need to safeguard all data, including patient records. Sutter Health, a network of 30 hospitals and offices in California is having a hard time preventing data breaches.

Last month's data breach is the company's third since 2011. According to Health IT Security, Sutter Health is a part of a class-action lawsuit before Sacramento County Security Court for a data breach that involved a stolen, unencrypted computer with information of about 4.24 million individuals.

What's more alarming about this most recent breach is that police officers were not looking for Sutter Health's records during an investigation at a suspect's home. Individuals were being questioned for possessing illicit drugs, when authorities discovered patient records in the house as well, according to the Sacramento Business Journal.

"We started doing an investigation and were looking for other stuff and found that," Sergeant. J.D. Nelson from the sheriff's department told the Journal.

The search in Oakland, California showed that information of 4,500 patients like names, Social Security numbers, birth dates, gender, addresses, home phone number, martial status, names of employers and work phone numbers were compromised.

No one is sure how the health records got there and cannot confirm which hospitals were targeted. According to a statement from Sutter Health, information could have come from Sutter Health's Alta Bates Summit, Sutter Delta or Eden medical centers.

As a part of their disaster recovery plan, affected Sutter Health patients will receive free credit monitoring service. Other hospitals may consider looking into their own data security after seeing breaches occur within the industry.

Business continuity consultants who specialize in disaster recovery planning can help organizations protect their clientele and keep their information safe.