A recent article by Neil Versel in InformationWeek discusses two of the more recent breaches in the medical industry. The key point made in the article was that for both groups the data was not encrypted.
For Howard University Hospital, the data was downloaded by a subcontractor who took it off site. In the other breach, the State of California Department of Child Support Services was shipping backup tapes by a commercial carrier for some off-site testing.
For years now I have been talking about the need for encryption as a data protection tool. If you let data leave your control, then the people you have entrusted it to had better have the same, if not better, protection for it than you do. Without encryption, every entity that loses control of the data must inform those whose data was exposed.
Seven years after ChoicePoint became the poster child for breaches, we still have companies and agencies that do not encrypt the data, that still allow subcontractors to take the data off site in insecure ways, and that do not have a plan in place for dealing with an information breach. That is unrealistic. No one is exempt from data theft or loss. Why should anyone think that the rules don’t apply to them?
The details of the InformationWeek article are below.
2 Healthcare Data Breaches Show Importance Of Encryption
Patient data from Howard University Hospital and California Department of Child Support Services wasn't fully encrypted, and one security expert wants to know why.
By Neil Versel, InformationWeek
http://www.informationweek.com/news/healthcare/security-privacy/232800389
April 05, 2012 04:35 PM