Tuesday, April 01, 2014
One stolen laptop, two missing flash drives and 5,000 patients exposed
It's a story that's becoming all too familiar: An employee has a flash drive with sensitive, unencrypted information. Without giving it much thought, he leaves it in a fairly secure location, such as his locked car. A thief comes and steals the device. Now his organization faces a data breach, with thousands of customers' personal information in the hands of a criminal. Regardless of whether the theft was driven by a desire to acquire identity information or simply a quick grab for a piece of technology, the company must deal with the consequences. Legal fees, PR hassles, eroded trust and lost clientele are just a few examples of the long-term impact a simple theft can cause - especially in the absence of secure file sharing practices.
Such was the case in California, where Palomar Health recently experienced a data breach when an encrypted laptop and two unencrypted flash drives were taken from a staff member's car. The devices exposed the personal health information of 5,000 patients from the Palomar Medical Center in Escondido and Pomerado Hospital in Poway. According to U-T San Diego, the health care organization's spokeswoman Bobette Brown explained that the compromised personal data included medical diagnoses, names, dates of birth, insurance and treatment information.
Although no cases involving suspicious use of the personal information had been reported at the time the news article was written, the medical organization needed to inform patients, allocate resources to understanding and containing the breach, and offer credit monitoring to affected individuals.
Sensitive information must be protected
In addition to the financial impact that data breaches can carry for businesses, failures in information security can have detrimental effects on the people whose details they expose, making data protection a key responsibility and matter of trust for organizations. Medical information in particular has great potential to be exploited in sinister ways. While much of the focus is usually on the threat of identity theft, Gigaom posited that health data could be used to wage biological crimes, such as targeting patients with particular conditions or tampering with the medical devices that individuals need to stay healthy. Further, medical information could be leaked to potential employers or the press, resulting in unfair discrimination or reputation damage, the source added.
Therefore, maintaining secure file sharing practices to reduce the opportunities for data to fall into the wrong hands is an ethical responsibility in addition to a good business strategy. In the Palomar Health case, the employee who had the flash drives and laptop had taken them home to continue working. In today's professional landscape, many staff members use their personal devices for business purposes, since workloads often require off-hours activity and employees want the flexibility and convenience that come with using mobile devices. For that reason, organizations should seek ways to facilitate remote working practices without making company resources vulnerable to theft or loss.
With the right services and programs in place, enterprises can provide their workers with access to corporate information, even sensitive data, without leaving it unprotected on portable devices. For example, wide area file services (WAFS) enable employees to connect to resources without removing them from the secure environment.