Password protection inadequate for sensitive information

Jan 28th, 2014 / Category: Wide Area File Services

Personal health information is strictly regulated to protect privacy. A data breach that exposes this type of sensitive information often attracts the attention of consumers and government officials. When a company does experience a data breach, people expect it to take action and reform risky behaviors. That's why Horizon Blue Cross Blue Shield of New Jersey is facing sharp criticism from a Senate panel for its second incident in five years. Both times, the insurance firm left members' data vulnerable by failing to encrypt documents.

Horizon laptops stolen, exposing sensitive information 
In November, Horizon reported that two laptops had been stolen from employee workstations. Although password-protected, the laptops were not encrypted, giving thieves access to documents with Social Security numbers and limited clinical information. This incident mirrored an earlier theft in 2008, NJ Spotlight observed, when a stolen Horizon laptop exposed information from about 300,000 customers. After that breach, the company said it took steps to increase security for customer data.

Horizon has an encryption policy, the source said, requiring all member information to be protected, but those rules were not upheld on the stolen devices. Additionally, employees downloaded documents containing sensitive data onto their laptops, instead of accessing them on the company server. 

Ongoing data breaches call for stronger security solutions
Requiring documents to be encrypted was not a successful security strategy for Horizon. In the wake of the recent breach, Senator Fred Madden Jr., a former state police officer, commented that Horizon needs to take steps to keep member information on secure servers, the news source said. In other words, companies need to implement solutions that prevent employees from downloading documents, especially since workers don't always adhere to encryption policies.

Secure file sharing solutions make it easier for employees to access information and collaborate on documents without taking data out of protected environments. It's essential for these services to be implemented as a central component of company processes, and they need to be convenient and intuitive to make sure employees don't resort to shortcuts, like downloading documents or emailing attachments.

Digital information is becoming central to almost every industry. In highly sensitive industries, such as the medical sector, it's essential to keep this information safe. According to the U.S. Department of Health and Human Services, there have been more than 800 data breaches each affecting more than 500 individuals. Many of these aren't caused by criminals hacking into health record software; they commonly occur when stolen devices contain unprotected information.