While everyone understandably raises alarms about the possible impact of a ransomware attack, let us never forget that simple, stupid, careless, willful, or just human errors can create significant safety risks for people.
A foster family in Missouri is raising concerns about what may be two separate breaches that pose safety risks to them and their foster children. In both cases, the biological parents have been involved with the criminal justice system. In the first instance, the biological mother requested — and was given — access to the child’s portal and records. Those records contain a lot of details on the child as well as the foster parents’ names and telephone number. When SSM Health Cardinal Glennon Hospital realized its mistake — a month later — they revoked access. But did the mistake put the child and foster family at risk?
In the second instance — which is not a confirmed incident by SSM Health Cardinal Glennon Hospital but it a suspicion by the foster mother — a hospital employee who is another foster child’s biological grandmother reached out to her on Facebook, even though they had never exchanged names. Did the grandmother misuse her access to records to find her grandchild’s foster family?
These types of incidents do not make it to HHS’s public breach tool. And they tend to get watered down in HHS’s statistics by just considering them as part of a broad category of “unauthorized access or disclosure.” But not all errors are accidental and not all disclosures are without serious risk. Let’s never forget that.
Read more on St. Louis Post-Dispatch.