Verizon CMO: Protection of data at rest not important? Really?

Seems like it’s been a tough week for Verizon to try and prove their point about how encryption is unimportant to securing protected health information (PHI).

According to ModernHealthcare.com, Peter Tippett, Vice President of Technology and Innovation and Chief Medical Officer, recently said that encryption of data at rest in a database, for example, typically provides “no value” against a large majority of hacking and malicious code threats, and “end-user devices like PCs, laptops and PDAs” are “orders of magnitude less important targets in the real world than is perceived (and databases are several orders of magnitude more important than end-user devices).”

In addition, Tippett says that current security standards and methods are “too complex, are based on dogma instead of science, are both ineffective and inefficient, and are too static.”

But facts and reality prove otherwise. The following RECENT breaches were revealed while Verizon is literally putting its head in the sand and marginalizing encryption (and in all of them, patient information could have been protected had encryption been in place):

  • 68 computer hard drives belonging to Blue Cross Blue Shield “walked out” of a datacenter, along with social security numbers and other information belonging to 2 million clients.
  • HealthNet loses an external hard drive with personal financial and medical information belonging to 1.5 million clients.
  • US Army loses hard drive with 60,000 with social security numbers and other personal information.
  • A laptop containing clinical information on 2,000 patients was stolen from the Guam Memorial Hospital.

And all this within 2 weeks! The fact is that data in use, like data at rest and data in motion, needs to be encrypted if it contains protected health information.
