
Data Breaches on Record Pace for 2015?

Earlier this month, an article reported that data breaches in 2015 are on pace to break records both in the number of breaches and in the number of records exposed. In 2014, the number of US data breaches tracked by the Identity Theft Resource Center hit a record high of 783, with about 86 million confirmed records exposed. So far this year, as of June 30, the number of breaches has reached 400, and about 118 million records have been confirmed to be at risk.

We have all heard about the government data breaches that have reached the headlines. In addition to those, other major data breaches, which have exposed the personal information of more than 92,000 people, involve three separate organizations in very different industries. Florida’s Orlando Health, California’s Cuesta College and Michigan’s Firekeepers Casino recently acknowledged data breaches.

Orlando Health announced on July 2, 2015 that approximately 3,200 patients’ personal records were exposed by a former employee. The data included names, birthdates, addresses, medications, medical tests, test results and other clinical data. This wasn’t the first incident: in January 2014 a misplaced flash drive exposed the data of 586 children, and in February 2013 a former medical assistant stole patient records.

Cuesta College announced on May 31 that a college human resources analyst on medical leave allegedly downloaded reports containing the personal information of approximately 4,000 current and previous employees, then emailed the reports to a personal email address.

Lastly, Michigan’s Firekeepers Casino announced on July 3, 2015 that approximately 85,000 credit and debit cards used between September 7, 2014 and April 25, 2015. They also discovered that there may have been unauthorized access to a file storage server, which holds customers’ social security numbers and/or driver’s license numbers, as well as current and former employees’ social security numbers, health benefit selection and medical billing information.

The stories are the same, and what we continue to see is that none of the data had been encrypted. This is despite all the articles and advice from security companies, and from reporters in this area, saying that data needs to be protected. Now governments, especially state governments, are taking the stance that organizations that hold or store customers’ personally identifiable information are required to secure it by “encrypting them or by any other method or technology that renders the personal information unreadable or unusable.”

By encrypting this data and automatically applying granular permissions to it, personally identifiable information, intellectual property and other sensitive information can remain protected. With data-centric security, whether the threat is a malicious or unintentional insider, such as a current or former employee, or an outside hacker who has gained access to your file storage server, your data is protected no matter where it goes.

 

Photo credit by: Jbosarl

New Trend: Healthcare

I don’t know how much more we can continue talking about healthcare data breaches. This is yet another multi-week run of data breaches in the healthcare industry, over and over again. Anthem Inc., then Premera Blue Cross, and Advantage Dental all announced that they had data breaches, but said nothing about whether their data was encrypted.

How can 80 million, then 11 million, then finally 150,000 patient records all get exposed in a month or so? Have we become so sure that we will not be a target for hackers and insider threats? The question now is not if, but when, a data breach will happen. This is even more common in the healthcare industry.

 

The list of blog posts that we have written alone covers a lot about how we can help the healthcare industry protect PHI against being exposed. This applies not only to outside attacks, but also to malicious and accidental insider threats. What is the reason behind this? The reason is that we protect the data itself, no matter where it is.

In addition, many states are very close to imposing regulations and laws to protect patient health information. They will also penalize organizations that deal with this information and do not have the proper protection against such attacks.

It’s also time to stop focusing on the perimeter: over the past couple of years it has become so wide that it can no longer be defined. Taking the proper steps to protect sensitive information of this nature must now be paramount for all healthcare organizations.

Make sure that data is DRM protected, as this can prevent hackers from accessing the data even after it has been stolen.

Remember that the new threat is that your data is under attack, possibly even at this very moment, given all the recent APT (Advanced Persistent Threat) attacks. Don’t ignore the threat, as it has become very real on a large scale.

 

Picture Credit: Adrian Clark

 

When Will Your Data Breach Happen?

IT security threats are growing for businesses in every industry, and no organization can be seen as safe. Hackers are learning new methods to attack web sites and networks. Most of the time employees have easy access to company information, and they are often unaware of how to detect and prevent these breaches because of a lack of training or a lack of security for this information. The question is not if, but when, a data breach will happen.

It is very clear that data breaches can no longer be prevented by perimeter security. The perimeter continues to fade as a result of increasing connectivity between 3rd party partners and vendors, along with customers themselves. Mobile devices and cloud computing make this perimeter almost impossible to determine. A majority of security spending goes to firewalls, intrusion detection systems and antivirus software, but this is effective only on a minute scale. Ultimately, it is the data itself which needs to be protected and encrypted persistently, no matter where it is.

Data classification is also key to making sure that data breaches can be prevented. Categorizing data so employees know how to handle various types of information helps distinguish the most sensitive data from data that doesn’t necessarily need to be protected.

Without a doubt, though, any security professional will tell you, with no disrespect, that employees are the weakest link in the security chain. Therefore, you must make sure that the data itself is secured, rather than relying on policies or training.

DRM protected documents have the type of security that doesn’t rely on the perimeter to secure sensitive company information. With even more laws and regulations coming into play recently, encrypting your information with Fasoo’s Enterprise DRM (Digital Rights Management) can help you keep your data secure even when a data breach happens.

So when the data breach happens, will you be prepared? With the right data-centric security solution, you can certainly count on it.

Photo Credit: Jbosarl

Healthcare Industry has the Worst Data Security Practices

Following the biggest data breach yet this year, with the patient records of over 80 million Americans being exposed from Anthem, the healthcare industry’s reputation for data security is at an all-time low. All of last year there were issues with insider threats, from malicious to accidental. To add to this, there are now reports that it was email that was used to get into the Anthem network and steal all that data.

The data, which was not encrypted, was stolen, and the hacking started from employees’ email accounts.

This is not the first time, although it is the one most covered by the media; there were many, many times last year when laptops were stolen or former employees accessed the network to steal sensitive patient-related information. Many states have already seen this and are saying that “enough is enough!” The push for better data security, such as encryption, is now close to becoming law for organizations that deal with customers’ personally identifiable information.

A lot of healthcare organizations have performed security and compliance training; however, with a failure rate of over 70 percent according to a 2011 report on IT security best practices, human error is more than possible despite security technologies.

Isn’t it time to make sure that data is secured no matter what?

Although retail and finance have taken over the majority of data breaches due to their large numbers of records exposed, judging by the headlines, healthcare seems to take the lead in how common those breaches are. To be more exact, the healthcare industry accounted for 43% of all major breaches in 2014, according to the Ponemon Institute.

Within healthcare organizations, a whopping 93% of information held requires protection, according to EMC’s The Digital Universe report. The data includes claims requests, PHI, and medical records. Yet only 57% of this information is “somewhat protected,” while 43% is inadequately safeguarded, the report found. Somewhat protected, inadequately safeguarded?

The best way to ensure that data is secure is to make sure it is DRM protected. Fasoo Enterprise DRM, or Digital Rights Management, protects the data itself to provide a more secure work environment. Meeting compliance requirements and regulations is one thing, but ultimately protecting data and protecting patient health information should be the 2015 goal for the whole healthcare industry.

 

Photo Credit: Daniel Lobo
