Case Study: Hospital Employee Tapes Encryption Key to Stolen Laptop

Friday, December 4, 2009
IT and security staff at a 2,400-physician Michigan-based hospital were justifiably concerned when they learned that a nurse's laptop computer had been stolen. Of greater concern was the fact that the nurse had contravened the hospital's data security policy and affixed the laptop's encryption key to the front of the computer. Fortunately, the hospital had protected the laptop with the Computrace endpoint security solution from Absolute Software.

After alerting police, the hospital contacted the Absolute Recovery Team and let the team know that they were very concerned over the health information contained in the laptop. Rather than attempting to physically recover the computer, the Absolute Recovery Team recommended an immediate Data Delete operation to remove the sensitive information from the laptop. Having promptly deleted all sensitive information from the computer, hospital officials maintained the computer's security. Hospital officials estimate that the quick action resulted in cost savings of between $80 and $100 per health record in data breach-related costs.

Endpoint Security Remains Effective When Other Security Layers Fail

Organizations that deal with sensitive information need to provide layers of protection for the data they hold - each layer working to bolster protection. With endpoint security at the core of security strategies, organizations are able to remotely delete data and physically recover stolen computers in the event that other security strategies are compromised.

Lessons from Recent Data Breaches

Data breaches that went unnoticed historically are now highly-publicized affairs as a result of recent state data breach legislation.

Boston, Massachusetts - Forrester Research announced that a laptop stolen from one of the research firm's employees had potentially exposed the names, addresses and social security numbers of an undisclosed number of employees and directors. In a letter mailed to those affected, Forrester's Chief People Officer Elizabeth Lemons indicated that the laptop was password protected but made no mention of encryption. The incident proved especially embarrassing for the research firm that often consults on data security strategies for mid-market and Fortune 500 companies.

Aspen Hill, Maryland - U.S. Department of Veterans Affairs announced that a notebook computer containing the names, birthdates, Social Security numbers and limited health information of 26.5 million veterans and active-duty military personnel had been stolen. It took Veterans Affairs officials more than two weeks to publicly disclose the breach. The laptop, stolen from a data analyst working for the VA, became part of the largest data breach in U.S. history. The theft prompted a series of hearings in the U.S. Congress that criticized the VA's data security processes and resulted in legislation that compels the VA to immediately notify Congress in the event of a data breach.

Detroit, Michigan - Blue Cross Blue Shield of Michigan announced in a Website statement and via personalized letters to members that the information of approximately 1,560 members and two staff had been breached. Information contained on a laptop stolen from an employee's home included names and health insurance contract numbers. Approximately 120 records also included Social Security numbers. Despite BCBSM internal policy that requires the encryption of health information and closely monitored circumstances that allow downloading health information onto portable devices, the employee's laptop was unprotected. Disciplinary actions are pending completion of investigations into the incident.
