Healthcare IT News reported that Kaiser had its fourth HIPAA breach. Here’s a part of their description of the breach:
Some 5,100 patients treated at Kaiser Permanente were sent HIPAA breach notification letters Friday after a KP research computer was found to have been infected with malicious software. Officials say the computer was infected with the malware for more than two and a half years before being discovered Feb. 12.
“We have confirmed that the infection was limited to this one compromised server, and that all other DOR servers were and are appropriately protected with anti-virus security measures,” said Tracy Lieu, MD, director of the division of research at Kaiser Permanente, in an emailed statement to Healthcare IT News. “It is important to note that the compromised server is used specifically for research purposes at the DOR and is not connected to Kaiser Permanente’s electronic health records system.”
It’s quite interesting that in one part they say that the computer was infected with malware and that caused the breach. Then, they note that the antivirus software wasn’t being updated properly because of a “human error related to configuration of the software.”
This is a little disturbing to a tech person like me, because the person doesn’t know the difference between anti-virus software, which works to stop and prevent viruses from infecting your computer, and malware, which usually isn’t covered by anti-virus software. They do have malware software to prevent malware, but it’s only so-so in my opinion. It’s fighting a losing battle, but an important battle nonetheless.
I bet if we went into any hospital today, we’d find dozens of their computers infected with malware. Would be an interesting study for someone to do. I know many hospitals lock their computers down and block them from surfing many internet sites to try and deal with this problem. That can be pretty effective, but you do make many of your users angry in the process. The IT security people don’t mind that at all. Luckily, with phones people can still get their Facebook IV drip without having to infect the hospital computer. That is until the personal mobile phone gets compromised and infects the hospital network. That’s coming down the road as well.