Is America One Step Closer to Our Own GDPR?
State authorities in Alaska, our northernmost state, have just revised their initial breach notification: what was first reported as a health department breach affecting only 501 individuals is now estimated at 700,000!
This brings up two timely questions:
1. How could this have happened to some of our most sensitive data, the protected health information that HIPAA exists to safeguard?
2. How could they call themselves authorities?
Per a statement released by CynergisTek, “Alaska DHSS has a history of playing fast and loose with their obligations under the HIPAA Breach Notification Rule to accurately report incidents involving breaches.” This observation is borne out by the DHSS’s less-than-stellar track record. For example, in 2009 the Alaska DHSS reported the theft of an unencrypted USB drive potentially containing Medicaid beneficiaries’ health information, and in 2012 the DHSS paid a $1.7 million settlement to federal regulators for its part in that HIPAA breach. https://www.healthcareinfosecurity.com/alaska-hipaa-penalty-17-million-a-4902
If the revised figure holds, this would be the fourth largest health data breach reported to federal regulators so far in 2018. According to the department’s June statement, the exposed information included pregnancy status, incarceration status, Medicaid/Medicare billing codes, criminal justice records, health billing records, Social Security numbers, driver’s license numbers, first and last names, birthdates, phone numbers, and other confidential data. “Hackers may have used the infected computer to steal data,” the statement said. Upon discovering the hack, the department took immediate action to prevent further access to the infected computer, the statement added.
It only seems natural, particularly given our nation’s history, that it typically takes a crisis for our federal government to take action. If this breach, along with the EU’s current activity collecting fines under GDPR, does not spur one of the branches of our federal government to act, one must wonder what will.
A logical step for every government department, as well as for private companies, would be to proactively deploy a robust application such as the one provided by Spirion to rapidly discover, accurately classify, and automatically protect all of their sensitive data, both on premises and in the cloud.
Visit GDPR Compliance to learn more.