Healthcare organizations face yet another risk – as if they didn’t have enough already. Who knew that the increase in the price of silver would cause an increase data breach risk for imaging centers, orthopedic centers, and even general health clinics.
Calling 15,000 people to make them aware that their X-rays had been stolen from the warehouse can be a difficult job. Ask Detroit-based Henry Ford Health System (see CBS Detroit WWJ News story).** At first the patient may not care because it was an X-ray of their broken foot from eight years ago but what they don’t realize at the moment is that there is more to it than that. Theses X-rays contain personal information as well as a diagnosis. Personal information ranging from full name, address, date of birth, medical record number, and even social security numbers on some. With the identification included on each of these stolen X-rays it becomes a large data breach case and one can only hope the clinic’s insurance policy includes data breach (cyber liability).
The initial assumption on the reason for these X-rays being stolen is for the silver content. With the price of silver increasing, these X-rays become a valuable piece of material. However once they realize the additional information they are getting with the X-rays it becomes a personal bonus to the thief. This leaves the potential of causing a much bigger problem for the patients and a much larger lawsuit for the clinic.
These types of breaches have become increasingly common as silver prices have risen in recent years and silver can easily be extracted from the films. Local media during the past year report stolen X-rays from hospitals in Alabama, California, Delaware, Illinois, Massachusetts, Ohio and Virginia, among others, as well as in Toronto, Ottawa and London in Canada.*
One hospital even contracted with a vendor to digitize X-rays and then properly dispose of them, but the vendor recycled the silver and disappeared. There have even been people posing as employees of recycling firms who then gone into hospitals claiming to have been contracted to remove old films and were allowed to take them. At one hospital, security turned away two men posing as recycling employees, but they later returned, went directly to the radiology department and were permitted to take the films. Some suspects have been arrested after being identified from surveillance cameras inside victimized hospitals.*
Interestingly, it seems they would need a lot of silver to make any money at all. “The actual process to be able to recover the silver out of the film is more expensive than what someone who is trying to get the silver out thinks it is,” explained Henry Ford security officer Merideth Phillips.
Medical clinic administrators need to be certain that their facilities are properly covered for all risk. Cyber liability is an important coverage to offer in all professional liability policies, and is crucial to have in the cases listed above.
*Source: Health Data Management (Online)