Stolen laptop causes data breach at Wisconsin hospital

Oct 02nd, 2013 / Category: Managed File Transfer

Data security is a critical issue in the healthcare sector. Hospitals, doctors' offices, clinics and all other healthcare providers must inevitably collect and utilize a tremendous amount of information as they treat thousands of patients on a regular basis. This information is extremely sensitive. It includes not just personal information that individuals' want to remain hidden for privacy reasons, but also data that could potentially lead to identity theft. Financial information, medical histories, Social Security numbers - any of this data could potentially be used by cybercriminals to commit fraud. Healthcare providers cannot avoid collecting and storing this information, and so they must make security a high-level priority.

Unfortunately, many organizations come up short in this regard. A case in point: A Wisconsin-based hospital recently was forced to notify patients following a data breach. This incident further highlights the need for both security-conscious policies and top-notch tools, such as secure file transfer solutions, to protect patient data in the healthcare sector.

A theft and a breach
The breach occurred when an unencrypted laptop was stolen from an employee's car. This laptop contained sensitive information affecting more than 600 hospital patients. Among the data potentially exposed were medical records, dates of birth and treatments. All affected patients will be notified via letter.

There are several key lessons to be gleaned from this. Most obviously, hospitals and other healthcare providers should ensure that any computers or other devices which contain or have access to sensitive data feature high-grade encryption and other security measures. Only with such protection can firms guarantee that the information these machines contain remains protected even if the machine itself falls into unauthorized hands.

Additionally, healthcare providers should develop policies which forbid employees from engaging in such risky behavior when patients' sensitive data is potentially at risk. Notably, these firms should now allow workers to remove devices containing such information off the premises.

However, this strategy presents a problem. The majority of healthcare professionals will be strongly motivated to perform work and access medical reports while at home or traveling. Simply telling these professionals to refrain from bringing laptops off-premise will likely not be sufficient to prevent the practice, and therefore will not improve the organization's overall data security.

Instead, healthcare providers need to develop solutions which enable these professionals to access reports and share information as needed without putting patients' sensitive data at risk.

To this end, secure file transfer solutions are key. These tools provide a means for workers in any profession, including healthcare, to send and receive information without exposing that data to an increased risk of exposure or loss. If these tools are available, doctors, nurses and other personnel will have no incentive to engage in risky behavior while still maintaining the ability to perform their job responsibilities when outside the office, whether at home or while on the road.