Earlier this month, an article reported that data breaches in 2015 are on pace to break records both in the number of breaches and in the number of records exposed. In 2014, the number of US data breaches tracked by the Identity Theft Resource Center hit a record high of 783, with about 86 million confirmed records exposed. So far this year, as of June 30, the number of breaches has reached 400, and about 118 million records have been confirmed to be at risk.
We have all heard about the government data breaches that have made the headlines, but in addition to those, three separate organizations in very different industries have had major data breaches that exposed more than 92,000 people’s personal information. Florida’s Orlando Health, California’s Cuesta College and Michigan’s Firekeepers Casino recently acknowledged data breaches.
Orlando Health announced on July 2, 2015 that approximately 3,200 patients’ personal records were exposed by a former employee. The data included names, birthdates, addresses, medications, medical tests, test results and other clinical data. This wasn’t the first incident: in January 2014 a misplaced flash drive exposed 586 children’s data, and in February 2013 a former medical assistant stole patient records.
Cuesta College announced on May 31 that a college human resources analyst on medical leave allegedly downloaded reports containing approximately 4,000 current and previous employees’ personal information, then emailed the reports to a personal email address.
Lastly, Michigan’s Firekeepers Casino announced on July 3, 2015 that approximately 85,000 credit and debit cards used between September 7, 2014 and April 25, 2015. They also discovered that there may have been unauthorized access to a file storage server, which holds customers’ social security numbers and/or driver’s license numbers, as well as current and former employees’ social security numbers, health benefit selections and medical billing information.
The stories are the same, and what we continue to see is that none of the data had been encrypted, despite all the articles and advice from security companies and reporters in this area saying that data needs to be protected. Now governments, especially state governments, are taking the stance that organizations that hold or store customers’ personally identifiable information are required to secure it by “encrypting them or by any other method or technology that renders the personal information unreadable or unusable.”
By encrypting this data and automatically applying granular permissions to it, personally identifiable information, intellectual property and other sensitive information can remain protected. With data-centric security, whether the threat is a malicious or unintentional insider, such as a current or former employee, or an outside hacker who has gained access to your file storage server, your data is protected no matter where it goes.
Photo credit by: Jbosarl