Menu

University of Iowa Health Care Data Breach Demonstrates Need for Network Security

intelligentID | October 5, 2017

The University of Iowa stated that approximately 5,300 patients were affected by the data breach.

The University of Iowa stated that approximately 5,300 patients were affected by the data breach.

In June of this year, a major network data breach was reported that may have flown under the radar of mainstream media. However, with so many high-profile cybersecurity attacks in the news, Intelligent ID recognizes that specialized data breaches can be the most insidious – especially when industries such as healthcare facilities are the target. During the summer, the University of Iowa Health Care (UIHC) notified thousands of patients of a data breach that exposed their personal and medical information.

According to an official statement issued by the University, approximately 5,300 patients were affected by the data breach. Although the University claims that it has not found any evidence suggesting that hackers took advantage of the breach, misusing patients’ information, the incident itself speaks volumes in regards to the vulnerability of public information.

Lax Compliance and Faulty Network Monitoring is a Dangerous Mix

Media reports indicate that in May 2015, the unencrypted patient information was saved by an unnamed UIHC employee to a public file-sharing site that was part of an open-source web application creation program being used by the organization. The files were left on the site unprotected after the project was completed. Following this initial security danger, those files were spotted by a cybersecurity professional the next year and reported to UIHC’s privacy officer. The files were removed from the file-sharing site the following May.  

For over a year, patients’ most personal healthcare information was sitting in a virtual unprotected limbo – a simple, yet potentially devastating scenario that could have been completely solved with the right cybersecurity endpoint solution.

The Intelligent ID Difference

Healthcare providers and vendors handle some of the most delicate of society’s information including PHI (Protected Health Information), PII (Personally Identifiable Information), payment or financial information, and insurance information. This information is required to be contained and managed in accordance with standards dictated by US Health and Human Services regulatory agencies. However, most mainstream privacy protection can still be penetrated or become susceptible to theft and loss. When you give your personal details to those institutions (or, if you are on the receiving end as a healthcare institution), there should never be any doubt as to the safety and security of the information itself.

By utilizing numerous aspects of Intelligent ID’s monitoring and protection suite, we can boost data protection and give our clients visibility into where and how their data travels. One of our strongest suits is in identifying a transfer of crucial and sensitive information to a cloud-based location, while also being able to identify is a third-party was editing or manipulating your data from that cloud. With today’s growing dependence upon cloud-based memory and storage, this ability can prevent potentially catastrophic data loss.

Intelligent ID recognizes each step in a such an Insider Threat and includes multiple functionalities to address them all.

Intelligent ID is endpoint-based user monitoring and analytics software that secures organizations’ business assets by continuously monitoring and alerting management to suspect events taking place anywhere an endpoint may travel. This includes data loss or theft activity, compliance infractions, workplace liability issues, inefficient use of time and resources, infrastructure concerns, insecure file access, and more. For further information, visit us at www.intelligentid.com or contact us at info@intelligentid.com.

Additional Resources