All the data breaches in the news these days have caused many to think about encrypting their data to prevent the losses a breach will bring. With one of the biggest private health care providers in the US falling victim to a massive data breach, we can learn from its experience.
Even though credit card information wasn’t exposed, other sensitive data was, including names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data.
So the question here is: why was there no encryption? According to SC Magazine, the institution felt it had other security strategies. Unfortunately, this is not the only incident of a data breach in the healthcare industry. Incidents range from stolen laptops containing sensitive patient information to back doors planted in systems, and information detailing abnormalities in usage behavior should be enough for IT administrators to notice and act upon.
The topic that needs to be discussed and agreed upon is a clear, understandable encryption standard for the US and globally. Other countries are pushing these standards and requiring further encryption details for companies to abide by.
Encryption can be tuned to limit the amount of data that even authorized users can view at one time. That makes it harder for an outsider to copy a whole stockpile of records. Every organization nowadays, especially health care providers, should expect its data to be encrypted from end to end.
Fasoo Enterprise DRM (Digital Rights Management) could have prevented the exposure in this situation, even though credentials were stolen and used to access the data. If Fasoo had monitored this situation, it would have noticed the excessive activity, and access to this data would have been revoked. Even if the information had been stolen, it would be inaccessible to unauthorized users.
Photo Credit: Yuri Samollov