in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Laptop Encryption Software: A Key Tool In HIPAA/HITECH

Another day, another report on the first year of the HITECH (Health Information Technology for Economic and Clinical Health) Act.  Like other similar reports, one can only conclude that the attentive use of cryptographic solutions like full disk encryption from AlertBoot would have prevented many of these breaches.

Laptops, Theft Leading Cause of Breaches

The report by Kaufman, Rossin & Co. notes that "theft was the primary cause of a data breach, occurring 58 percent of the time."  In other words, a little over half of all breaches, and which I assume includes hacker activity.  I expect the actual numbers to be much higher, though, for two reasons:

  • The report doesn't (can't, actually) include breaches involving less than 500 people because these are not made public by the HHS, as I noted in "500 is a tragic number."
  • There are those instances where it's literally claimed that it's not known how or where something was lost.  These tend to be classified as losses, but let's face it, a good number of them must be thefts.

On the other hand, I imagine that the proportion of breaches including laptops would fall.  Over the past year, it was the leading cause of PHI breaches; however, when you consider that approximately 9,000 breaches in that period -- and also considering that laptops and other electronic storage devices tend to include records for more than 500 people -- it wouldn't be a bad guess to say the ratio of breaches involving laptops will fall, even if total incidences involving laptops increase.

(I could be very wrong, though.  I have to admit that my perception on the link between electronic storage and big numbers must be colored by what I read on the news, which generally deals with big numbers.  You're not making headlines if a stolen laptop had data on two people.)

32% of Breaches Reported within the First Three Months

One conclusion that I have not seen before is on how fast these breaches are reported.  According to the Kaufman, Rossin & Co. report, thirty-two percent of breaches are reported within three months of it occurring.  Or at least, that's how I'm interpreting it.  They could have meant "within three months of finding the breach" but that would imply that 68% of covered entities out there are not in compliance with HITECH requirements to make the report with 60 days of being aware of the breach.

Encryption Software Would Really Help

There are many reports out there analyzing the first year of HITECH, especially on the requirement to alert the HHS on data breaches involving PHI.  Each one of those reports, and experts commenting on those reports have made the same observation.

Namely, that the use of encryption would solve a lot of these problems.  Not all of them, of course, but a lot of them.  Especially when you consider that the loss of digital storage devices tend to involve more PHIs than other forms of breaches.


Related Articles and Sites:
http://www.bizjournals.com/southflorida/news/2011/02/23/report-details-health-care-reform-theft.html

 
<Previous Next>

Drive Encryption Software: Henry Ford Has Second Data Breach, Loses USB Key

HIPAA Encryption: Medical Researchers Get Some Recommendations From Colleagues

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.