One Hour To Report a Breach?
DATA LOSS | August 20, 2013
GovInfoSecurity talks with Curt Kwak, CIO of the Washington State Health Insurance Exchange, about a U.S. Department of Health and Human Services proposal that would require state health insurance exchanges set up in accordance with the Affordable Care Act to report data breaches within one hour of discovering them. Is this doable? Kwak said it’s possible given planning and staff, but it “will force us to be less efficient and most likely impact the usability of the system and, of course, our ability to support the system.”

In other health data breach news, a Sherman, TX, specialist’s office has notified 3,000 patients of a “potential information breach” and warned them to “check their bank accounts,” after a disk drive containing patient records went missing. Similarly, Emory University administrators have told employees and students to change their university account passwords after a breach of its IT infrastructure was detected. Emory’s experience is of course not unique. A similar breach at the University of Delaware is now believed to have affected as many as 74,000 students and staff.