August 5, 2016 — Health system Advocate pays a big fine for data breaches
Robert Capps, VP at NuData Security, comments on this story.
Hospital data breaches can be expensive. A case in point is Advocate Health System, a big suburban Chicago health system that operates 12 hospitals.
This morning Advocate agreed to pay the federal government a fine of $5.5 million—the largest fine ever assessed for a healthcare data breach—and submit a plan of corrective action to settle a patient data breach violation following a federal investigation from 2013, says the U.S. Department of Health and Human Services Office for Civil Rights.
The Office for Civil Rights tracks, investigates and takes corrective action against hospitals that must report hospital data breaches to the federal government. Between August and November 2013, Advocate reported three separate unauthorized data breaches that exposed patient records, in violation of the Health Insurance Portability and Accountability Act of 1996, or HIPAA, a law that aims to ensure the confidentiality of patient medical records.
Health system data security analysts and product developers point to a troubling trend: the problems of data breaches and stolen electronic health records are getting worse. “The Banner Health breach is another stark reminder that traditional security methods aren’t working and when it comes to breaches like this, we don’t really think about what happens to the data after the initial theft, but this data doesn’t just disappear,” says NuData Security vice president of business development Robert Capps. “It’s collected and combined by the bad guys into a vast data set of consumer data, which is extremely useful to today’s fraudsters to thwart existing online security and identity verification systems.” NuData Security is a behavioral biometrics company that develops data security products for healthcare, financial services and e-commerce companies.