BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Report: Data breaches from unencrypted devices up 525% in 2011

From: security curmudgeon <jericho () attrition org>
Date: Fri, 3 Feb 2012 03:28:51 -0600 (CST)


---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.fiercehealthit.com/story/report-data-breaches-unencrypted-devices-525-2011/2012-02-01

By Dan Bowman
FierceHealthIT
February 1, 2012

Healthcare organizations need to "serve as their own watchdog" to increase 
security and decrease data breaches, a new report from IT security audit 
firm Redspin concludes. The increase in "bring your own device" policies 
at various hospitals, in addition to the continued implementation of 
electronic health record systems, are too much for government alone to 
regulate, the report's authors say.

The report digs into the latest major data breach figures--those breaches 
impacting 500 or more individuals--released by the U.S. Department of 
Health & Human Services' Office for Civil Rights. With the addition last 
week of the 2011 Sutter Health breach, which impacted 4.2 million 
patients, the number of major healthcare information breaches now sits at 
385 since 2009.

"The Federal government is unlikely to mandate that all portable devices 
that store [electronic personal health information] be encrypted, but it's 
an obvious and sensible policy for a healthcare organization to adopt," 
the authors say. "Taking it further, why not require that all mobile 
devices in the healthcare workplace be encrypted, even if ePHI is not 
allowed on them?"

According to the report, nearly 40 percent of all major PHI breaches 
occurred on a laptop or other portable media device, a problem the authors 
say isn't likely to go away anytime soon. "Portability is here to stay," 
the write. "The BYOD revolution is well underway, yet 50 percent of 
respondents in a recent healthcare IT poll say nothing is being done to 
protect data on those devices."

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Small, inexpensive USB drives pose huge threats to organizations left unprotected. 
Download Chapter 1 of CREDANT Technologies eBook
Data Protection to the Rescue
http://www.credant.com/campaigns/external_media_ebook/chapter1/lp/
Previous By Date Next
Previous By Thread Next

Current thread: