- Al Sharpton, Trayvon Martin’s parents rally against Fla. ‘stand your ground’ law
- Hillary Clinton campaign got illicit funds from D.C. scandal figure
- Obama administration backs off plan to cut prescription-drug program
- Tickets linked to stolen passports purchased by Iranian middleman
- More than 3,500 police planned for Boston Marathon
- Ottawa day care suspends 2-year-old for ‘outside’ cheese sandwich
- Liam Neeson tells NYC mayor to ‘man up’ in horse carriage fight
- Real-life Dr. Doolittle to reveal how to talk to animals
- Climate change could bring back smallpox, researchers say
- Shoe-bomb witness to speak from London at N.Y. trial
Theft of data on 4M patients part of wider problem
Though encrypting patient information is “highly recommended” by the federal government, Verizon health care and data security expert Dr. Peter Tippett said the health care industry lags behind the financial and high-tech industries by 10 to 15 years when it comes to protecting personal data.
“Overall, the health care system needs a lot of work at being more secure,” Tippett said.
In most cases, Tippett said, computer thieves are simply looking to make a little cash reselling the stolen computer itself. Sometimes they may try to ransom the computer back to its original owner. If the data itself is accessed, usually by organized crime operations, he said criminals would generally try to use it to blackmail prominent people with potentially embarrassing diagnoses or steal patients’ identities to fraudulently bill health insurers for medical procedures that weren’t really performed.
The worst consequence an average patient could expect would be a bill for a co-pay for a procedure they never received, he said.
Tippett said blaming any incident of identity theft on the stolen Sutter computer would be tough. If exploited, the patient information on the stolen computer would simply be added to the insecure data available on most everyone already floating around on the world’s computer networks.
“It’s real. It will hurt some people. But it won’t hurt the average person in Sacramento,” he said.
Sutter appears to have followed state and federal law and faces little investigation at least from California, officials said, particularly if no damage results to individuals.
California Department of Managed Care spokeswoman Denise Schmidt said her agency is “looking into whether there may be an impact,” but she couldn’t say what that might entail.
State Department of Insurance spokesman Dave Althausen said his department would only become involved if there are fraudulent insurance claims as a result.
Sutter notified the state Department of Public Health, but didn’t need to, said department spokesman Ralph Montano. His department would only have jurisdiction if the breach was from a hospital or nursing home, he said, not a medical foundation or physician services group.
Joanne McNabb, chief of the California Office of Privacy Protection, said Sutter was only required to notify the U.S. Department of Health and Human Services, which it did within the required 60 days.
It was also required to notify affected patients in “the most expedient time possible without unreasonable delay,” she said, quoting a 2008 state law. A one-month delay might be reasonable because it could have taken that long to determine what information was on the computer, she said.
Consumers should watch out for bogus medical procedures showing up on health care notices, and should be careful not to be caught by crooks using their information to seek Social Security numbers or other information, she said. But she said the data on the computer is relatively limited in the damage that could be done with it directly.
Marcus Wohlsen reported from San Francisco. He can be reached on Twitter at http://twitter.com/marcuswohlsen
TWT Video Picks
By David Keene
Conference showed that the values Reagan cherished still endure
- FCC targets black conservative in TV station fight
- Kim Jong-un calls for execution of 33 Christians
- Hillary Clinton campaign received funds from Jeffrey Thompson
- Senate Democrats, Republicans spar over restoring unemployment benefits
- Bill Clinton poses for photo with Bunny Ranch prostitutes
- CARNES: Kissinger's flawed and offensive analysis of Ukraine
- DHS accused of holding U.S. citizen at airport, using emails to pry into her sex life
- U.S. pilot scares off Iranians with 'Top Gun'-worthy stunt: 'You really ought to go home'
- Atheists sue to remove 'Ground Zero Cross' from 9/11 museum
- George Zimmerman signs autographs at Orlando gun show
Pope Francis meets his 'mini-me'
Celebrity deaths in 2014
Winter storm hits states — again