Texas Mental Health Center Hacked
Data on More Than 11,000 Patients Exposed
While EHN says it doesn’t believe medical record information was exposed in the cyberattack, the fact that the exposed data included names of patients seeking mental health services presents a serious privacy concern for affected individuals, says Tom Walsh, founder of consulting firm tw-Security.
“Any privacy breach is worrisome. However, when the breached information is linked to sensitive types of treatments or diagnosis such as mental health and intellectual disabilities, it makes event potentially more damaging,” Walsh says. “Events like this may cause individuals to choose not to seek help for fear of the repercussions or harm if that information is ever leaked. All it takes is a person’s name connected to a mental healthcare facility to damage a person’s reputation.”
… While mental health services providers handle some of patient’s most sensitive data, many of those organizations, including non-profit and county-funded centers, often lack resources to effectively protect that information, says Walsh, the security consultant.
“Some smaller organizations assume more risks because they lack the skilled staff or budget to implement technologies that could further reduce their risks,” he says. “Unfortunately, county-run health services are often working with tighter budgets each year. Information security may not be a high priority. Over the years, I have found that county mental health staff are dedicated to their patients. [But] security, HIPAA and information technology are not as high of a priority. ”
Walsh stresses that “mental health facilities owe it to the people they serve to secure the data by implementing adequate security controls. Obviously, hindsight is 20/20. There is always something more that organizations can do to improve their security posture.”
… “Realistically, it is challenging for any organization to prevent a targeted attack,” Walsh notes. “If the federal government – with its resources – cannot prevent hacks, what chances do smaller organizations have?”