Posts Tagged ‘laptops’

Verizon CMO: Protection of data at rest not important? Really?

Wednesday, November 25th, 2009

Seems like it’s been a tough week for Verizon to try and prove their point about how encryption is unimportant to securing protected health information (PHI).

According to ModernHealthcare.com, Peter Tippett, Vice President of Technology and Innovation and Chief Medical Officer, recently said that encryption of data at rest in a database, for example, typically provides “no value” against a large majority of hacking and malicious code threats, and that “end-user devices like PCs, laptops and PDAs” are “orders of magnitude less important targets in the real world than is perceived (and databases are several orders of magnitude more important than end-user devices).”

In addition, Tippett says current security standards and methods are “too complex, are based on dogma instead of science, are both ineffective and inefficient, and are too static.”

But facts and reality prove otherwise. The following RECENT breaches were revealed while Verizon was literally putting its head in the sand and marginalizing encryption (and in all of them the patient information could have been protected had encryption been installed):

  • 68 computer hard drives belonging to Blue Cross Blue Shield “walked out” of a datacenter, along with social security numbers and other information belonging to 2 million clients.
  • HealthNet loses an external hard drive with personal financial and medical information belonging to 1.5 million clients.
  • US Army loses a hard drive with 60,000 social security numbers and other personal information.
  • A laptop containing clinical information on 2,000 patients was stolen from the Guam Memorial Hospital.

And all this within 2 weeks! The fact is that data in use, like data at rest and data in motion, needs to be encrypted if it contains protected health information.

Long term costs for a breach of just 499 records could be as high as $100,798

Saturday, August 29th, 2009

According to a study performed by the Ponemon Institute, which is also quoted by the Department of Health and Human Services in the Interim Final Ruling on Breach Notification, the total cost of a data breach is an average of $202 per record (of which $152 pertains to indirect costs, including abnormal turnover or churn of existing and future customers). A breach of just 499 records could cost $100,798 over the long term. The same report states that health care and financial services are the two industries experiencing the highest average rate of churn. It should be noted that, according to the same study, lost or stolen laptops/mobile devices account for 35% of all data breaches.

Laptop and mobile device encryption technology is readily available. Implementing encryption in other vulnerable areas such as file shares, removable storage, and even e-mail greatly reduces the potential for invoking your breach notification plan. By reducing the availability of unsecured protected health information (PHI) in your IT systems, you can greatly reduce the chances of having to notify individuals in case of a breach.