Recently, a laptop was stolen from a hospital that had an encryption policy in place, yet the laptop was unencrypted when stolen. Unfortunately, this incident is not the first to reach the headlines, and it won’t be the last.
Isn’t it worth having these files automatically encrypted upon creation?
Isn’t it worth having your files encrypted throughout their entire life cycle?
Now there were reports that the encryption software was not reinstalled when the laptop’s OS was being updated. According to the hospital they stated they take security of their patients’ health information seriously, and multiple safeguards were in place, so how did this happen? Should this have happened?
There are a lot of good security solutions that will encrypt files containing confidential information, such as protected health information (PHI). We can see in this case, that it is equally important to protect the data itself as it is to monitor and audit what is being done with these files.
As you can see this is another case of insider threats. Was this malicious? This is very unlikely, but regardless, even if it was just the case of making a careless mistake, it happened. Now we don’t know how this leaked information will be used.
Always keep in mind we must protect, control and trace all of our most important intellectual property (IP) and sensitive information. With security solutions such as digital rights management we can rest assured that organizations can safely share IP regardless of where it is located.
This situation continues to keep your CEO up at night, but remember there is always a solution.
Photo Credit: Andrey Belenko