Over 3.3 Million people with student loans had their personal data stolen recently, to include Names, Addresses and Social Security numbers.
This isn’t the first time people’s data has been stolen from student loan companies.
As noted in the WSJ article, this isn’t the first time this has happened:
The student-loan market has battled data losses before. In 2006, 1.7 million computer records held by Texas Guaranteed Student Loan Corp. were breached, while the U.S. Department of Education said a bug in its Web site compromised data on 21,000 people.
What is especially striking, and where this should really “bring it home” for medical practices is this nugget:
ECMC said the stolen information was on a portable media device. “It was simple, old-fashioned theft,” said ECMC spokesman Paul Kelash. “It was not a hacker incident.”
Not a hacker incident.
Again…not a hacker incident.
For all of you that aren’t concerned about somebody “hacking” into you system, that’s not where your real concern should be.
Your real concern should be if you have an employee take a backup of your data home so you have an “off site backup“.
We see this time and time again.
This is a huge mistake…why?
- That employee you send the data home with has now become responsible for all of your data (do they know that?)…
- People break into cars all the time to steal “that electronic device”…
- This is a completely inappropriate method to store your data off site.
If the CMS knows you are doing this they will slam you.
If your patients knew you were doing this you’d lose customers.
It’s plain ‘ole idiotic. There is no reason for any employee in your office to be taking any patient data home with them.
If you do think it is important, then you need to have a solid set of computer policies that addresses exactly how data that is removed from your office is to be stored and transported.
Your office policy should also address the exact steps that should be taken if the device on which the data is stored is stolen or lost.