To many who grew up watching movies like War Games, Hackers, and The Net, the threat to your computer network by some shadowy criminal infiltrating your system from a remote location seems very real.

However, a recent story from Information Week says that the actual biggest threat to health IT security is something far more mundane – physical theft.

The United States Department of Health and Human Services has been tracking “breaches of unsecured protected health information affecting 500 or more individuals” since September 2009.

The Information Week article reports that almost half of HIPAA violations affecting more than 500 individuals resulted from theft of computer equipment and paper records. In fact, hacker attacks ranked only fifth out of six types of security breach causes. Here is the list:

• Theft – 49%
• Unauthorized access and disclosure – 16%
• Loss – 14%
• Combination – 9%
• Hacking – 6%
• Improper disposal of non-electronic records – 5%

What You Can Do

Clearly, these findings do not mean it’s perfectly ok to turn off your firewall and give away your passwords. In fact, we’re inclined to think that the fear of being hacked – driving health care centers to take precautions – probably contributes to the low number of “IT incidents.”

However, a number of loss- and theft-related breaches, not surprisingly, came from “portable electronic devices” and laptops. We recommend not storing patient information on laptops or tablets, but using these devices to access data securely stored on a central server. Information stored on USB flash drives and CDs for transportation or archiving should be encrypted. In addition, simply being more aware of these devices, such as not leaving them unattended and making sure they are with you when leaving airplanes, taxis, and the like, is another common-sense approach.