HIPAA Breach at Kaiser

Healthcare IT News reported that Kaiser had its fourth HIPAA breach. Here’s a part of their description of the breach:

Some 5,100 patients treated at Kaiser Permanente were sent HIPAA breach notification letters Friday after a KP research computer was found to have been infected with malicious software. Officials say the computer was infected with the malware for more than two and a half years before being discovered Feb. 12.

“We have confirmed that the infection was limited to this one compromised server, and that all other DOR servers were and are appropriately protected with anti-virus security measures,” said Tracy Lieu, MD, director of the division of research at Kaiser Permanente, in an emailed statement to Healthcare IT News. “It is important to note that the compromised server is used specifically for research purposes at the DOR and is not connected to Kaiser Permanente’s electronic health records system.”

It’s quite interesting that in one part they say that the computer was infected with malware and that caused the breach. Then, they note that the antivirus software wasn’t being updated properly because of a “human error related to configuration of the software.”

This is a little disturbing to a tech person like me, because the person doesn’t know the difference between anti-virus software, which works to stop and prevent viruses from infecting your computer, and malware, which usually isn’t covered by anti-virus software. They do have malware software to prevent malware, but it’s only so-so in my opinion. It’s fighting a losing battle, but an important battle nonetheless.

I bet if we went into any hospital today, we’d find dozens of their computers infected with malware. Would be an interesting study for someone to do. I know many hospitals lock their computers down and block them from surfing many internet sites to try and deal with this problem. That can be pretty effective, but you do make many of your users angry in the process. The IT security people don’t mind that at all. Luckily, with phones people can still get their Facebook IV drip without having to infect the hospital computer. That is until the personal mobile phone gets compromised and infects the hospital network. That’s coming down the road as well.

About the author

John Lynn

John Lynn is the Founder of HealthcareScene.com, a network of leading Healthcare IT resources. The flagship blog, Healthcare IT Today, contains over 13,000 articles with over half of the articles written by John. These EMR and Healthcare IT related articles have been viewed over 20 million times.

John manages Healthcare IT Central, the leading career Health IT job board. He also organizes the first of its kind conference and community focused on healthcare marketing, Healthcare and IT Marketing Conference, and a healthcare IT conference, EXPO.health, focused on practical healthcare IT innovation. John is an advisor to multiple healthcare IT companies. John is highly involved in social media, and in addition to his blogs can be found on Twitter: @techguy.