Reducing the Opportunity for Data Breaches

Sloppy employees and unsecured mobile devices are costing businesses some of their most valuable assets – information.

Posted by Lindsay Khan in Corporate Security, Human Resources, Information Security on January 4th, 2012

Last year was a banner year for data breaches and the outlook for 2012 is even worse. As the value of personal and corporate information continues to rise, cyber-attacks will follow. Organizations need to step up their game when it comes to securing data.

Data Breaches in the Health Care Industry

Health care organizations are a prime target for cyber criminals looking to steal personal information. In 2011, data breaches in the health care industry reached an all-time high, costing the industry an estimated $6.5 billion, according to a recent study conducted by the Ponemon Institute and sponsored by ID Experts.

A Government Health IT article by Chris Anderson, “3 steps to minimize ‘data breach epidemic’,” discusses the findings from the study, which looks at data breaches in the health care industry:

Among the chief culprits responsible for data security breaches were sloppy employee handling of data and the ever-increasing use of mobile devices in the healthcare setting. Forty-one percent of healthcare executive surveyed attributed data breaches related to protected health information (PHI) to employee mistakes, while half of the respondents said their organization does nothing to protect the information contained on mobile devices. In all, 80 percent of healthcare organizations use mobile devices that collect, store and/or transmit some form of PHI.

FREE Investigation Report Template

Prepare thorough, consistent investigation reports with our free report template.

Download Template

Enforcement agencies aren’t taking data breaches lightly. Organizations that fail to protect personal information are going to pay a hefty price for their ignorance. Another Government Health IT article by Rick Kam and Christine Arevalo, both of ID Experts, “Year in review: Top 10 trends in healthcare data privacy and security,” reports:

The Office for Civil Rights has entered a new phase of increased enforcement and fines that are stiffer than an overstarched lab coat. In February, Cignet Health was fined $4.3 million for denying patients access to their medical records. At about the same time, Massachusetts General agreed to pay $1 million for the loss of 192 patients’ protected health information.

Reduce the Opportunity

Organizations need to take steps to reduce the opportunity for data breaches to occur.  The findings from this survey reiterate the importance of providing employees with security training. Everyone in an organization needs to understand the role they plan in maintaining corporate security, as well as the consequences of failing to protect sensitive information.

Use relevant, task-specific scenarios to teach employees how to properly handle client/patient information. Remind employees of the dangers of using the same password for every application/system and set a minimum standard for password strength. You’ll also want to have employees change their passwords every month or so. Employees should also be reminded that the simplest things – such as writing passwords on sticky notes and placing them under a keyboard – are major security risks.

Mobile and other portable devices also remain a security concern, as these devices can be easier to lose – or steal. As noted in the findings from the study, few respondents reported that their organization takes any action to protect information on such devices. Don’t leave portable devices lying out in the open for anyone to look at or take. Employees using mobile devices should never connect to free or unsecured wireless networks. Mobile devices should be password protected and encrypted to reduce the risk of information theft should the device go missing or get stolen.


lindsayisight
lindsayisight

Marketing Coordinator

Lindsay Khan is the marketing manager for i-Sight Software. With an Honours Bachelor of Commerce degree in marketing from the University of Ottawa, she brings business acumen to the subjects she covers for the company blog and website. Lindsay compiles monthly newsletters, writes and promotes downloadable guides and press releases, promotes webinars and manages our online communities.

Visit Website