How to Remove Responsibility While Avoiding Data Breaches in Healthcare

If you are in the healthcare industry, then you are familiar with privacy and how important it is to keep confidential data secure. Not only are you under the scrutiny of government regulatory compliance, you are also responsible for your patients’ personal data and ultimately their identity. In healthcare, accountability has become an important part of compliance, requiring data breaches affecting over 500 individuals to be reported and posted on the HHS.gov website. Now, under the pressure of hefty fines and being placed in the spotlight, will we start to see the number of breaches reduced or, better yet, higher security put in place?

Taking a look at information on the U.S. Department of Health & Human Services website, we have put together some facts about healthcare data breaches. Although these are only the reported incidents, it is alarming to find that the majority of the issue has to do with unsecured digital data. By removing the responsibility from physicians, it would seem that hospitals and other healthcare facilities could have avoided many of the reported data breaches.

Loss and theft have played the largest role in healthcare data breaches, with over 265 breaches involving 15,039,697 individuals’ records. That is over 67% of the total number of reported breaches and an almost sickening, pardon my pun, 78% of the total stolen records. In defense of lost and stolen information, I would like to add that not all incidents involve a computer or digital form of data. However, it is still extremely daunting that 92% of computer-related data breaches are through theft or loss.

Government regulations like the HIPAA Security Rule and HITECH Act require more security for healthcare data. However, by still allowing physicians and other healthcare employees to transmit confidential patient data, the problem will continue to be an issue. As the facts point out, although accountability is present and fines are hefty, this cannot protect us against human nature. By losing computers or other portable devices, whether to theft or carelessness, we put privacy at risk. However, restricting healthcare employees from downloading and storing the confidential data relieves the situation.

If remote access to patient data can protect against 92% of computer-related breaches, then why is it not being implemented? By placing accountability on a single location and utilizing zero-footprint technology, data can be accessed through any device without information being left behind. Furthermore, two-factor authentication allows for protection through an added layer of security that fights against fraudulent access.

The future is here now; there is no better time than the present to remove trust from physicians and place it in the hands of IT security. By utilizing secure remote access through two-factor authentication and a one-time password, we can improve privacy without hindering healthcare professionals.

Verizon Reports Data Breach Count Rises While Records Breached Falls

With the number of data breaches on the rise, why is the number of records stolen dropping?

Verizon recently released a report called the 2011 Data Breach Investigations Report (DBIR), in which it combines its caseload information with that of the United States Secret Service. Although the number of records breached has dropped from a record high of 361 million in 2008 to 144 million in 2009, and even lower to only 4 million in 2010, the fact is that the total number of breaches occurring is rising. This could mean that smaller businesses are being targeted through different vulnerabilities than in recent years.

Criminals Behind Bars Cause Others to Hide
Some would say that because many criminals were recently placed behind bars, including 1200 suspects arrested in ’10, we are much safer. Others, mainly those involved in security, think the reduction in records stolen is a combination of higher security and, mainly, a greater desire to remain out of jail. Many large-scale cyber criminals have recently been placed behind bars, including Albert Gonzalez and Maksym Yastremskiy, who were responsible for the 2010 payment card data breaches. With these spectacles of the law being known by hackers everywhere, it may be that criminals are laying low.

Rather than targeting the higher-risk companies, which have more security and investigative power, cyber criminals seem to be targeting low-hanging fruit. The statistics from Verizon’s report show that organizations with 11 to 100 employees were breached more in 2010 than other company sizes. Approximately 436 breaches took place in this size bracket, compared to the 323 breaches that took place in all other employee size brackets combined. This is most likely due to the fact that the level of security utilized by these institutions is much less extensive than that of larger corporations.

External Threats and Remote Access Security
It is great to know that employees and competitors are not the direct cause of data breaches. However, with 98% of breaches originating from organized criminal groups and unaffiliated persons, it is plain to see that remote access security is a dilemma. The top 4 types of attacks resulted from hacking and malware. Although mobile devices have been seen as the source of evil lately, in essence it is the server that has been the target. This is not to say that mobile devices will not haunt our future security woes, as they may soon become the target of cyber thieves.

When it comes to securing our privacy, the problem lies in authenticating remote users. Anyone accessing the server should be an authorized user, to prevent further deployment of malware. Furthermore, with hackers creating programs that let less skilled script kiddies easily maneuver through security, the need for remote access security will rise. The attacks that we have recently seen may just be groundwork for later attacks. By utilizing information from data breaches, a hacker could create easy-to-use programs through which they can control many unskilled attackers from many locations to pull off a much larger breach of records.

By utilizing a two-factor authentication method to identify users, many hacking attempts would be thwarted. However, in order to completely secure remote access, the need for out-of-band authentication from a one-time password is rising greatly. With over 50% of breaches resulting from malware, an out-of-band solution allows authentication to take place without chance of being breached by malicious software.

With new reports by Verizon and other companies being released constantly, we can view the change and evolution of attacks. More importantly, we can see trends which may lead to future attacks, and prevent data breaches through preventative security measures.