
Reducing the Opportunity for Data Breaches

Sloppy employees and unsecured mobile devices are costing businesses some of their most valuable assets – information.

Posted by Joe Gerard on January 4th, 2012

Last year was a banner year for data breaches and the outlook for 2012 is even worse. As the value of personal and corporate information continues to rise, cyber-attacks will follow. Organizations need to step up their game when it comes to securing data.

Data Breaches in the Health Care Industry

Health care organizations are a prime target for cyber criminals looking to steal personal information. In 2011, data breaches in the health care industry reached an all-time high, costing the industry an estimated $6.5 billion, according to a recent study conducted by the Ponemon Institute and sponsored by ID Experts.

A Government Health IT article by Chris Anderson, “3 steps to minimize ‘data breach epidemic’,” discusses the findings from the study, which looks at data breaches in the health care industry:

Among the chief culprits responsible for data security breaches were sloppy employee handling of data and the ever-increasing use of mobile devices in the healthcare setting. Forty-one percent of healthcare executives surveyed attributed data breaches related to protected health information (PHI) to employee mistakes, while half of the respondents said their organization does nothing to protect the information contained on mobile devices. In all, 80 percent of healthcare organizations use mobile devices that collect, store and/or transmit some form of PHI.

Enforcement agencies aren’t taking data breaches lightly. Organizations that fail to protect personal information are going to pay a hefty price for their ignorance. Another Government Health IT article by Rick Kam and Christine Arevalo, both of ID Experts, “Year in review: Top 10 trends in healthcare data privacy and security,” reports:

The Office for Civil Rights has entered a new phase of increased enforcement and fines that are stiffer than an overstarched lab coat. In February, Cignet Health was fined $4.3 million for denying patients access to their medical records. At about the same time, Massachusetts General agreed to pay $1 million for the loss of 192 patients’ protected health information.

Reduce the Opportunity

Organizations need to take steps to reduce the opportunity for data breaches to occur. The findings from this survey reiterate the importance of providing employees with security training. Everyone in an organization needs to understand the role they play in maintaining corporate security, as well as the consequences of failing to protect sensitive information.

Use relevant, task-specific scenarios to teach employees how to properly handle client/patient information. Remind employees of the dangers of using the same password for every application/system and set a minimum standard for password strength. You’ll also want to have employees change their passwords every month or so. Employees should also be reminded that the simplest things – such as writing passwords on sticky notes and placing them under a keyboard – are major security risks.

Mobile and other portable devices also remain a security concern, as these devices can be easier to lose – or steal. As noted in the findings from the study, few respondents reported that their organization takes any action to protect information on such devices. Don’t leave portable devices lying out in the open for anyone to look at or take. Employees using mobile devices should never connect to free or unsecured wireless networks. Mobile devices should be password protected and encrypted to reduce the risk of information theft should the device go missing or get stolen.

Joe Gerard

CEO, i-Sight

Spend my days showing off the i-Sight investigative case management software and finding ways to help clients improve their investigations. Usually working with corporate security, HR & employee relations, compliance and legal teams.
