UCLA Healthcare System, an academic medical centre that comprises a number of hospitals and an extensive primary care network in the Los Angeles region in the US and covering 2 million lives announced that it has entered into a settlement agreement where it will pay USD7.5 million for the following:-
$5.5 million, beyond currently budgeted spending – plus any money remaining in the claims reimbursement fund – for the purpose of expediting and implementing cybersecurity enhancements to the UCLA Health computer network,
$2 million to be deposited into a fund to help reimburse claimants - some 4.5 million UCLA Health System patients whose records, most of them unencrypted, were compromised after hackers gained access to the network - for any preventive or remedial measures related to identity theft.
The breach happened in September 2014, but patients were informed only in July 2015. The incident saw sensitive clinical and financial data such as medical diagnoses and diseases, clinical procedures, test results, Social Security numbers, addresses and dates of birth compromised by hackers who'd gained access to the health system's IT network.
We have, in several postings earlier, highlights the vulnerabilities in the healthcare sector. While reported incidents in the healthcare sector in Malaysia is still unheard of currently, healthcare organisations should take note of the above case. The events above are caused by under-protected IT environments. The growth in hacking and IT incidents does deserve special attention.
Protecting patients' privacy is essential to every healthcare organisation’s mission and maintaining data security requires constant vigilance.
To borrow the English saying - 'Do not be penny wise pound foolish'. Invest in the present or consequences in the future could be dire for your organisation.