Saint Francis Health System Warns Patients and Employees on Possible Data Breach

Information security is crucial for retaining trust of stakeholders and ensuring undisrupted business operations. However, various factors such as burglary, lapses in information security mechanisms, flaws on website, vulnerabilities in software, and attacks by cybercriminals, insider theft and inadvertent errors by employees cause data exposure.  Recently, Saint Francis Health System reported security breach at its hospital in Broken Arrow, Oklahoma. The breach was allegedly caused by a theft of a computer system, last used in 2004. The computer contained names, addresses, date of births, billing information, social security numbers, and diagnosis codes pertaining to around 84,000 patients. The stolen computer also contained information such as date of births, social security numbers, salary details and mailing addresses of employees. Ironically, the computer system is reported to be stolen from a secured room. Counter crime agencies are currently investigating the incident. Hospital authorities have initiated an internal enquiry and have also started the process of notifying the affected customers and employees. While the company has not received information regarding misuse of information, offenders having access to the data may abuse them for malicious purposes such as misrepresentation, identity fraud, fake loan applications, extortion and other criminal activities.

Security breaches and data theft may have manifold implications for both individuals and organizations. Lack of awareness among employees may result in lax attitude leading to security breach incidents. Regular training sessions, online IT courses  and e-learning programs could help in creating security awareness among employees.

Organizations must have proper network security as well as physical security mechanisms in place to avoid security breaches. Computers containing privileged information pertaining to the customers and the business could be separated from those used for conducting routine operations. All systems must be password protected to restrict access to the concerned employee and prevent unauthorized access to other users. Computer systems no longer in use must be password protected and kept in a locked room at a secured location in the organization premises. Access to such rooms must be restricted to a few authorized employees. Computers and other IT devices must be properly numbered and accounted for in the inventory. Old and excess computers and IT devices are often disposed through auction or direct sale. However, hard drives may contain sensitive information, which could be retrieved after they are discarded. As such, hard drives must be appropriately degaussed before their disposal. IT employees must be encouraged to keep themselves updated on the latest threats and protection mechanisms through webinars and online IT degree  programs.

Saint Francis has offered one year credit protection to the affected customers and employees. The company has also set up a 12-hour information line for resolving queries. The affected individuals may place a fraud alert on the credit file to ensure additional verification by banks and credit institutions prior to sanctioning of loan. They must also verify their bank and credit card accounts for any unauthorized transactions.

Sophisticated threats in the IT environment have resulted in increased demand for professionals qualified in IT degree programs, computer forensics, security audit and other certifications.

Contact Press

EC-Council
Website:  http://www.eccouncil.org
Email:  [email protected]
Tel:  505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.