in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

HIPAA Encryption Software: BA Causes 188K HIPAA Breach In Indiana

HIPAA encryption software: although HIPAA does not require the use of data encryption, the rules also make it impossible not to use it when dealing with electronic PHI.  And, the Final Omnibus Rule was changed so that business associates and their subcontractors are liable for breaching ePHI if encryption is not used.

And for a good reason, as the following story shows.

Indiana Family and Social Services Administration Data Breach: 188,000 Clients

A number of websites are reporting that the Indiana Family and Social Services Administration (FSSA) has experienced a data breach.  A total of 187,533 people are being notified that their personal information may have been disclosed "as a result of a computer programming error by a business associate" (databreachtoday.com) and approximately 4,000 SSNs may have been compromised.

Also potentially compromised: names, contact information, case numbers, dates of birth, gender, race, medical information, financial information, and other data.

Seeing how the FSSA is in charge of Indiana's Medicaid program and also coordinates a number of medical services, it's surprising that the damage wasn't greater.

Obviously, this is one of those instances where the use of encryption wouldn't have helped.  Indeed, it's hard to believe that any type of data security software could have prevented its occurrence (which, according to databreachtoday.com, could be the largest data breach of 2013).

Yes, it's a different beast from the other data breach the FSSA experienced in 2012, when a laptop with PHI on 757 people was stolen.

A Matter of Controlling (Not Eliminating) Risk

The truth of the matter is that sometimes a data breach will take place, regardless of how much security you have in place.  It could be due to a software bug.  Or because the person you trusted decided to ignore computer usage policies, such as leaving the office with a laptop that contained sensitive data.  Or because your antivirus was not up to date.

The ways to a data breach are myriad.  The point of data security software and tools, though, does not lie in eliminating data breaches.  The point is to reduce it to an extent that it won't be a problem (or at least, not too problematic).
Related Articles and Sites:
http://www.databreachtoday.com/indiana-agency-notifies-188000-breach-a-5893
http://www.compliancehelper.com/post/1715689-business-associate-ba-causes-188-000-hipaa

 

<Previous Next>

HIPAA Encryption: Getting Fined For A Data Breach VS. Fined For Nearly Killing Someone

UK Data Breach Security: Sony Will Not Appeal £250,000 ICO Fine

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.