Blog Entries

Verus Inc., a medical IT contractor, closed its doors after being implicated in exposing the sensitive information of five different hospitals across the country. The contractor was responsible for maintaining the websites and services of 40 to 60 different US hospitals nationwide. Most large companies depend on outside contractors to perform similar services on their behalf, and most of the time companies just assume the contractor has the knowledge and experience necessary to handle their confidential information. Before releasing sensitive information to outside contractors, it is imperative that you make sure the contractor has policies and procedures in place that meet or exceed your own internal standards.

All five incidents occurred when an employee shut down a firewall during the transfer of data from one server to another. This huge mistake would have been easily preventable if the company would have had standard procedures in place for transferring confidential information, and better employee training to make sure everyone involved in the process knew and understood the guidelines. All told, the personal information of over 80,000 different patients from five different hospitals were exposed.

After knowledge of the security breaches became public, all of the hospitals terminated their contracts with Verus, but irreparable damage was already done. The most damage was done to the five hospitals who lost patient information. The affected patients will hold the hospitals responsible for the information loss, even though it was the contractor’s fault. Even the hospitals whose patient information wasn’t exposed had their reputations tarnished from the incident; after all, it was only by chance that the other hospitals lost data and not them.

Everyone who handles your confidential information is at risk of losing it, and your company will be held responsible if it ever happens. No matter how good your own internal policies and procedures are, information loss can still occur if you don’t frequently audit those of your contractors, partners, and resellers.