Symantec has seen competitors such as CheckPoint, Sophos, and McAfee acquire key encryption technology platforms like Pointsec, Utimaco, and Safeboot. They will now have a strong whole disk encryption story, as well as solutions for file and e-mail encryption. 

The GuardianEdge Technologies (GE) acquisition will provide Symantec with direct access to GE's large base of government customers. Certainly GE has a client base in the commercial sector as well. There is clearly some overlap between PGP and GE products. Both provide a lot of value to the end users in terms of security features.

Healthcare organizations that are looking to comply with the HITECH Act and protect PHI using encryption will be very pleased. Symantec has a significant market share in endpoint security products and those customers that need to deploy encryption will be happy to entrust the Symantec brand to their organization.

Customers can now use PGP Universal Server to centrally manage encryption for their multi-platform environment. A single web-based user interface can be used to manage encryption end points using Microsoft Windows, Apple Mac, Red Hat Linux, and Ubuntu Linux. PGP is the only encryption vendor that delivers encryption solutions across multiple platforms. Multi-platform support is especially important with the popularity of netbooks, and the forthcoming Apple tablet device, which is reported to be using the Mac OSX operating system.

PGP also added functionality for e-mail encryption in Microsoft Outlook. Using Microsoft Outlook users can now click “sign and encrypt” buttons to automatically encrypt emails.

Experior Data is a PGP SILVER Partner and helps organizations implement data encryption solutions.

More information about these new releases is available on the PGP web site.

- Whole disk encryption is clearly needed for mobile devices

- Whole disk encryption protects data when computers are TURNED OFF. This means that while you’re using the laptop the data is in use, and is not encrypted.

- Additional levels of data protection is needed to protected the data while computers are in use. For example, critical data files should be encrypted automatically regardless of whether the computer is turned on or off. Whole disk encryption does not do this.

- Files containing PHI that are transferred on a network need to be encrypted. Whole disk encryption does not do this.

- What about e-mails containing PHI? More importantly, what about those that use Microsoft Outlook and store data in archive (.pst) files?

So why is whole disk encryption not enough? What happens if a worm invades your computer and transfers documents of a certain file type to a remote location. Whole disk encryption will not help you in this situation.

It’s important for any encryption solution to not only encrypt the hard drive but also to encrypted files on the hard drive so that they remain encrypted while the computer is on.

According to the Initial Set of Standards for Electronic Health Records patients must be provided with their health information (most certainly protected health information -PHI- under HIPAA) electronically and securely within 96 hours.

How to Secure Health Records

You may be wondering how can patient information be secured. The best way to secure information is by encrypting the media. However, note that patients must be able to decrypt the information on their own computer equipment. One of the product Experior Data implements is called PGP Portable. For example, the patient provides a USB drive for you to copy the PHI onto it. PGP Portable encrypts the entire USB device after the information is copied to it. The patient must provide a passphrase during the encryption process. When the patient goes home he/she inserts the USB drive into their home computer and is prompted for the passphrase. After the passphrase is entered access to the patient information is provided.

Related articles by Zemanta

• HIEs are Beginning to Link Patients Directly to their Own Health Data (projecthealthdesign.typepad.com)
• Pushing ONC to Act on Consumer’s Behalf (chilmarkresearch.com)
• Medfusion Maintains Leadership in Patient Portal Performance (medicineandtechnology.com)
• How to Get $20 Billion for Using Electronic Medical Records (blogs.wsj.com)

..

According to ModernHealthcare.com Peter Tippett, Vice President of Technology and Innovation and Chief Medical Officer, recently said  “Encryption of data at rest in a database, for example, typically provides “no value” against a large majority of hacking and malicious code threats, and “end-user devices like PCs, laptops and PDAs” are “orders of magnitude less important targets in the real world than is perceived (and databases are several orders of magnitude more important than end-user devices).”

In addition, Tippett says  current security standards and methods are “too complex, are based on dogma instead of science, are both ineffective and inefficient, and are too static.”

..

But facts and reality prove otherwise. The following RECENT breaches were revealed while Verizon is literally putting its head in the sand and marginalizing encryption  (and all of them could have protected patient information had encryption been installed):

• 68 Computer hard drives belonging to Blue Cross Blue Shield “walked out” of a datacenter, along with social security numbers and other information belonging to 2 million clients.
• HealthNet loses an external hard drive with personal financial and medical information belonging to 1.5 million clients.
• US Army loses hard drive with 60,000 with social security numbers and other personal information.
• A laptop containing clinical information on 2,000 patients was stolen from the Guam Memorial Hospital.

And all this within 2 weeks! The fact is that data in use, like data at rest, and data in motion needs to be encrypted if it contains protected health information.

..

Related articles by Zemanta

• Blue Cross Blue Shield Data Breach Investigation Extends Credit Protection for Providers to 2 Years (ducknetweb.blogspot.com)
• Health Net Data Breach – 1.5 Million Records At Risk With Missing Portable Hard Drive (ducknetweb.blogspot.com)
• Laptop Heist Exposes Doctors’ Personal Data (deurainfosec.com)
• Blue Cross Physicians Warning – Potential Data Breach With Stolen Laptop Computer (ducknetweb.blogspot.com)
• From the Hospital Room to Bankruptcy Court (nytimes.com)
• A member of Blue Cross Blue Shield comes over to the side of the people (iflizwerequeen.com)

Fortunately, the most vulnerable devices are the easiest secure. If you have serveral computers you would like to secure, or if you have a tablet or laptop that you use when you travel, installing Whole Disk Encryption (WDE) software such as PGP Whole Disk Encryption is an easy way to get started.

..

WDE simply encrypts your entire hard drive. After installing the software you can encrypt your entire hard drive. The software operates in the background while you work and does not affect your computer’s performance. It may take several hours for your hard drive be become encrypted. After completion, you will need to enter a password every time your computer boots. If your computer is stolen the thief will not be able to access your computer because the password will not be known to him/her. More importantly, your hard drive will not be able to be analyzed by forensic or other hard drive reading software. All your data will essentially become “scrambled” to anyone trying to view the contents of your hard drive.

..

It’s important that you understand technologies that WILL NOT protect your information:

..

- File deletion – deleting files on your hard drive does not erase them permanently. When you “delete” a file on your computer you are simply removing the pointer to the data in the hard drive’s directory. Until your data is overwritten by new data the old data remains on the hard drive and is able to be retrieved by even the most rudimentary tools on the Internet.

..

- Password protecting files – Using password protection features in Microsoft Word, Excel, and even Quickbooks does not protect your information. It simply forces you to enter a password before viewing the data. There are many tools that are available that can easily recover these passwords. In addition, passwords don’t encrypt data. They are a method of very basic access control. If you password protect your document it can easily be recovered by data recovery and simple forensics applications.

..

- Screen saver passwords – Although these should be used and activated when you’re away from your powered-on computer, they do not protect your data. A simple restart of the computer will bypass screen saver passwords.

..

- Computer passwords – Computer passwords should be set so that you are prompted to enter a password when you start up your computer. However, these can easily be recovered by many programs found on the Internet. They also don’t encrypt the contents of your hard drive.

..

- BIOS passwords – Most PCs have an option to set BIOS passwords. BIOS is a small program in every computer that runs very briefly when you turn your computer on. BIOS tells the computer the most basic information about your computer such as the amount of memory in your computer, size of hard drive, number of hard drivers, etc. This information is used to load your operating system (Microsoft Windows, Apple MAC OS, etc). A setting in BIOS could be made to require a BIOS password before your computer even loads Windows. Although it may be deterent to the casual unauthorized user, such as a snooping co-worker, BIOS passwords are easily reset by anyone with rudimentary technical skills. Sometimes it may require that the computer be opened and certain buttons are pressed inside the computer. But it can easily be defeated. And BIOS passwords do not encrypt data.

..

- Apple FileVault, Windows EFS – These are useful options for encrypting data. In both cases (Apple

and Windows) these are only file-level encryption technologies. Apple’s FileVault is superior because it encrypts your entire user profile. Windows EFS is complex to maintain and restore in case you switch computers. However, these technologies encrypt only certain files or directories. If you accidentally move information out of the encrypted directories that information will not be encrypted. These also don’t prevent basic access to the operating system of the computer. For example, if your Mac is stolen and you enable FileVault the thief can still access your computer.

..

Although installing whole disk encryption on a few computers is acceptable, deploying individual encryption applications on many computers is not efficient or recommended.  Installing software like PGP Whole Disk Encryption on many computers without a central management system could present administrative challenges of manually maintaining encryption keys and leaves open the possibility of not being able to access encrypted computers after an employee leaves. Vendors like PGP offer a management console that can take away the administrative burden  of maintaining many computers. Before deploying WDE refer to an expert that can set up your environment so you can properly manage your encrypted computers centrally.