What is going on in Healthcare?

I’ve talked about data breaches due to a lost laptop before. They’re common, painful and usually generate horrible publicity. It continues to be alarming how many of these devices that are lost continue to be unencrypted. Looking around lately, there’s a very disturbing trend – healthcare professionals are losing devices left, right and center.

Here are some examples of what I’m talking about:

Breach of patient health and personal information

Surgeon’s stolen laptop stored patient’s’ records

DSHS contractor’s laptop stolen in Gig Harbor; identity theft possible risk

Glens Falls Hospital alerts patients of possible information breach

Medicaid contractor loses provider’s personal information

Laptop theft compromises Packard hospital information

Utah’s Medicaid loses control of patient records, again

Seven. That’s the number of healthcare related data breaches that have been made public this year. Of these, six were directly related to the loss of a laptop or storage device that contained patient or customer data that wasn’t encrypted.

It’s frightening. Next to typical Government agencies, healthcare and healthcare-related organizations contain some of the most personal and sensitive personal information. In this day and age, there really is no excuse for these types of lapses in security.

The other scary part is that many of these reports say it was a ‘password protected’ laptop that was stolen or lost. This is the equivalent of filing a police report for a home break-in and saying that you locked the front door, but left the back door open which is why thieves managed to get into your house. If you had an alarm system, this could have been avoided. OS passwords are not enough to protect data.

I feel like a broken record, but the best protection against data exposure on lost or stolen devices is data encryption. The cost of an FDE solution far outweighs the risks involved and healthcare related organizations should be the most vigilant in protecting patient privacy.

*NOTE: Many of these crazy stories above were sourced via SC Magazine and their great Data Breach Blog.

Previous Post
Sharing is Caring!
Next Post
The promise and practice of UEFI for Full Disk Encryption