[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ISN] Report: Data breaches from unencrypted devices up 525% in 2011
By Dan Bowman
February 1, 2012
Healthcare organizations need to "serve as their own watchdog" to
increase security and decrease data breaches, a new report from IT
security audit firm Redspin concludes. The increase in "bring your own
device" policies at various hospitals, in addition to the continued
implementation of electronic health record systems, are too much for
government alone to regulate, the report's authors say.
The report digs into the latest major data breach figures--those
breaches impacting 500 or more individuals--released by the U.S.
Department of Health & Human Services' Office for Civil Rights. With the
addition last week of the 2011 Sutter Health breach, which impacted 4.2
million patients, the number of major healthcare information breaches
now sits at 385 since 2009.
"The Federal government is unlikely to mandate that all portable devices
that store [electronic personal health information] be encrypted, but
it's an obvious and sensible policy for a healthcare organization to
adopt," the authors say. "Taking it further, why not require that all
mobile devices in the healthcare workplace be encrypted, even if ePHI is
not allowed on them?"
According to the report, nearly 40 percent of all major PHI breaches
occurred on a laptop or other portable media device, a problem the
authors say isn't likely to go away anytime soon. "Portability is here
to stay," the write. "The BYOD revolution is well underway, yet 50
percent of respondents in a recent healthcare IT poll say nothing is
being done to protect data on those devices."
Did a friend send you this article? Make it your
New Year's Resolution to subscribe to InfoSec News!