St. Peter’s Health Partners Reports Data Breach from Stolen Cellphone
A data breach of a large hospital system occurred from a stolen cellphone belonging to one of the health system’s managers. As reported in Albany Business Review, the breach required notification of over 5,000 patients that some of their personal health information was in the hands of a criminal. The specific data was in the form of emails, and included scheduling information and a general description of the appointment for the patient. Once the theft was confirmed, the phone was wiped remotely and blocked from the hospital’s corporate email system.
Mobile Devices Are Commonly Overlooked
When a medical or dental office is considering its data security plan, mobile phone and tablet security is often overlooked. Many cell phones, such as Android phones and iPhones, come with encryption features built in, or encryption can be purchased as an add-on service. This risk could have been mitigated by applying encryption to the phone.
If a cellphone or tablet is being used for business purposes or has access to your practice’s email accounts, it is paramount to the security of your patients’ data to manage the device much like you would a PC in the office.
Here is a “how to” for encrypting your Android phone, and here’s one for encrypting your iPhone. Tablets and iPads can be encrypted using similar techniques.
Mobile Device Management
Consider instituting a Mobile Device Management plan which includes full encryption of the phone protected by a complex password. In addition, a full mobile device management system has the ability to remotely turn on the GPS and discover exactly where the phone is. The value of this kind of service can’t be overstated – a stolen cellphone doesn’t have to be lost to the criminal.
With mobile device management in place, you can track exactly where the phone is at all times via remote software installed on a PC, as well as have the power to wipe the phone remotely and render it useless to the criminal. Much like cancelling a stolen credit card, you can cancel all usability of the phone remotely if you have a mobile device management plan in place.
Add Mobile Device Management to your IT Solution
Mobile Device Management can be put into place at a very low cost. Encryption, for example, is usually free from most cellphone manufacturers. Software with the ability to turn on the GPS for tracking a stolen cellphone can be installed at a lower cost than that of antivirus on even one PC.
If you are concerned about the security of your mobile devices as they pertain to your practice, contact us to find out more about this kind of protection, and how it can be applied to mobile devices with access to your practice’s email or patient data.
Consider enabling a Mobile Device Management plan for all of your devices that have access to patient information in any form. The power to enable GPS, locate, and wipe a phone remotely serves to protect your patients’ data when the device is outside of your protected office network, and provides a HIPAA-compliant solution for you to work with your data while you are on the road or out of the office.