Thursday, March 20, 2014
Computers stolen from university clinic expose personal data
Although recent high-profile data breaches were orchestrated through sophisticated cyberattacks, sensitive information is often exposed through less tech-savvy incidents.
Although recent high-profile data breaches were orchestrated through sophisticated cyberattacks, sensitive information is often exposed through less tech-savvy incidents. The University of California San Francisco recently announced that the personal data of more than 9,000 people had been compromised after the theft of several computers from its clinics. Secure file transfer services help guard against the additional consequences of unexpected events like stolen hardware.
According to CBS San Francisco, the desktop computers were taken on January 11 from the UCSF Family Medical Center at Lakeshore. The university notified affected individuals that their personal and health information was exposed, including names, birth dates, addresses, medical record numbers, health insurance IDs and driver's license numbers, the source added.
Data breach hassles
In addition to contacting the thousands of people whose information was compromised, the university had to inform appropriate state and federal departments because the data included health information. Like other companies that experience data breaches, the educational center also offered credit monitoring to individuals whose Social Security numbers were exposed.
These responses constitute part of the costs associated with failed information security. As this case highlights, the risk for data breaches extends beyond cybercriminals hacking into networks or infecting systems with viruses. Therefore, as part of a comprehensive security plan, organizations need to implement appropriate secure file sharing solutions that provide better control over data in the event hardware is lost or stolen.
Hardware thefts: More common than you might think
?An eSecurity Planet report noted that the January 11 breach was the third incident in four months for the University of California San Francisco. Previous exposures were also related to stolen hardware: In September, an unencrypted laptop stolen from an employee's car compromised over 3,000 patients' personal and health information, and then another laptop taken from a physician's vehicle exposed over 8,000 patients' data.
Clearly, laptop and other hardware thefts are a persistent threat. Therefore, organizations need to protect their information with robust solutions such as secure file transfer services. These options give corporations greater control over where information is stored and accessed, even when employee use portable devices. That way, if a stolen device is reported, it's much harder for criminals to gain access to confidential information. Managers could even mitigate the consequences of a theft by changing access permissions.
Information security is an ongoing process that must be prioritized and maintained vigilantly. The best strategies involve infrastructure protection, high-end services and programs that provide security, training for employees and best-practice policies.