If there is one thing I’ve learned from reading hundreds of breach notifications, it’s how earnestly organizations tell those whose data they did not protect how important protection of their data is to the organization.

Such is the case at 206-hospital Community Health Systems which was severely hacked not just in April but then again in June, with the villains finding enough unencrypted servers to copy names, addresses, birth dates, telephone numbers and Social Security numbers on 4.5 million patients.

Deciding whether to encrypt data is always a risk-based exercise; for many healthcare organizations it’s admittedly financially prohibitive, absent a mandate. And while it’s hard to sympathize with any company that doesn’t take protecting your data seriously, many struggling enterprises find it exceedingly difficult to get all the bells and whistles in place to stop sophisticated data attacks.

CHS, however, is not a financially struggling enterprise. In January 2014, it bought 71-hospital chain Health Management Associates. In 2013, it had $3.2 billion in revenue and $52.3 million in net income. Wayne T. Smith, chairman and CEO, earned total compensation of more than $8.8 million last year.

Somewhere, CHS could have found the the money to encrypt the data of the patients it serves. It’s tough to know what’s going on across a massive health system; however, one could assume that the 4.5 million patients who may now experience identity theft might wonder if a CEO making $8.8 million should have a decent idea about the organization’s overall security profile.

The HHS Office for Civil Rights continues to look for security offenders that it can make an example of and impose heavy fines and corrective action plans. I would suggest affected patients contact OCR and file complaints, and maybe security will start being a priority at CHS. Click here to learn how to file a complaint.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access