The Personal Information Protection Commission (PIPC), South Korea's national data protection authority, has probed 17 university hospitals that allegedly allowed almost 200,000 items of patient information to be exposed in a leak.
WHAT IT’S ABOUT
The PIPC acted on alleged reports of university hospitals leaking patient information to pharmaceutical firms. The case was later confirmed by the police following a search and seizure operation on the pharmaceutical firms concerned.
It was found that hospital staff took pictures of or downloaded patient information needed for prescriptions, which was then sent via email or flash drives to pharmaceutical firms.
Based on the investigation, approximately 185,271 items of patient information, including sensitive ones, were leaked between April 2018 and January 2020. About half came from Yonsei University Severance Hospital (57,912) and St. Mary's Hospitals in Uijeongbu (20,027) and Yeouido (17,115).
All but one of the 17 hospitals were found to have violated the Personal Information Protection Act by failing to ensure the security of patient information. They were subjected to fines totalling KRW 64.8 million ($50,500).
According to the PIPC, for more than two years, 16 hospitals have not kept records of people who have accessed their system. They also have not amply confirmed their reasons for accessing and downloading information.
Of those hospitals, Hallym University Sacred Heart Hospital, Dongtan Sacred Hospital, Kangnam Sacred Hospital and Hangang Sacred Hospital have not kept access records for over three years. These four hospitals, together with Soon Chun Hyang University Hospital Seoul and Konkuk University Chungju Hospital, also did not have security measures in place for exporting and importing data via auxiliary storage devices like hard and flash drives.
Additionally, Kangbuk Samsung Hospital and Korea University Guro Hospital were found to have poor security, allowing unauthorised persons to access data physically.
Apart from being fined, all 17 hospitals were also told to make the following improvements:
Regularly check their respective personal information processing systems and implement measures to prevent future data leaks
Reinforce regular training for staff involved in protecting personal information
Meanwhile, the South Korean police are still investigating the possible criminal liability of the hospital and pharmaceutical company staff involved in the data leak.
THE LARGER TREND
Cybersecurity authorities in South Korea were most recently alarmed by a large-scale data breach at Seoul National University Hospital. According to the hospital, the personal information of over 800,000 people, including patients and hospital staff, was leaked following an attack on its IT servers between May and June last year. The local police said they have traced the source of the attacks to alleged servers of North Korean hackers.
ON THE RECORD
"Through this investigation, we hope university hospitals are now more aware of their role in protecting patients' highly sensitive personal data. This also serves as an opportunity for them to realise the importance of training staff on managing their personal information protection systems, as well as conducting regular checks of the system to prevent future data leaks from happening," the PIPC said in a statement.