Healthcare data breach due to misplaced flash drives seem to be a rising trend as recently another case was reported on August 7, 2015. Lawrence General Hospital in Massachusetts reported that a flash drive was missing. Even though it had very limited patient information, it did include lab testing information such as patient names, lab testing codes and slide identification numbers. Letters to about 2,000 patients were sent out, and have yet to locate the flash drive. According to their website, the misplaced flash drive was “unencrypted”.
How many times have we heard this type of data breach occur and appear on our news feed?
In July, OhioHealth had reported a similar data breach, after discovering that a flash drive had gone missing. Approximately 1,000 patients’ data became vulnerable, and about 30 or so Social Security numbers were compromised. As in the previous mentioned data breach this flash drive was “unencrypted” well. In addition, in South Carolina, a safe containing two flash drives and two hard drives containing EMS patients’ Social Security numbers, patient names and addresses and clinical information were stolen, and you guessed it, the flash drives were unencrypted.
It is not enough just to reinforce staff training and education on the “importance” of handling patient information securely, the data itself must be protected persistently no matter where it goes. By the results of these three incidents, it should now be without a doubt considered that flash drives carrying sensitive information including PHI (Protected Health Information) and other limited patient information to be encrypted with data-centric security.
By adding context aware data protection to your security framework, you can guarantee that only authorized people can access sensitive PHI no matter where it is. By encrypting this data and applying persistent security policies to it, even if the data leaves your network in a flash drive such as in this case, it is still protected and always under the appropriate control.
As breaches of this nature continue to occur, it is important that healthcare providers continue to emphasize not only the importance of health data secure but also for the healthcare organizations themselves to make sure that they have the appropriate data security to protect against external and internal threats on all of their devices, especially on flash drives.
Photo credit by: Custom USB