Bart Porter at (re)blog compiled a list of data breach greatest hits of 2009. Many of the incidents have been noted on the Kanguru Blog including the MP3 Player containing US Army data, local school district mishaps and hospitals that lose USB thumbdrives.
The conclusion:
There are many interesting details to note in this dubious line-up of data security breaches, including how many health care, government and education organizations are represented. Even more significant is how few business enterprises show up on the list. This may be a clear indication of what many in the data security industry realize and fear – that most businesses suffering a significant data security breach do not publicly acknowledge incidents as they occur.
We expect this to change as more and more data breach notification laws are enforced at the state level. The landmark Massachusetts law will take effect in March, 2010. Data encryption will become mandatory for portable devices that store customer or employee information.
Data Security
Healthcare providers are exposing private health information through the careless use of unsecured USB drives. It’s not just a problem in the United States. Last week the health department in Ontario’s Durham region lost a USB key containing data collected from 83,000 patients.
Like HIPAA regulations in the US, Ontario’s Personal Health Information Protection Act (PHIPA) requires healthcare providers “to ensure that personal health information in the custodian’s custody or control is protected against theft, loss and unauthorized use or disclosure”.
Data Security, Healthcare
Two recent surveys show that the Healthcare industry still has a long way to go in complying with new HIPAA security requirements. The 2009 HIMSS Security Survey found that one third of respondents had at least one known case of medical identity theft, yet only 50% have a plan in place to respond to data breaches.
The City of Detroit admitted to two healthcare-related breaches this week.
In one incident, a thief broke into a vehicle of a health department employee in October, snatching a flash drive with information from birth certificates…
The employee had backed up information on her flash drive because information was being transferred between computers at work.
The data appears to have been unencrypted. The city has offered a year’s worth of credit monitoring to anyone who was affected.
Data Security, Healthcare, Portable Storage
Government Computer News named the Kanguru eFlash one of its Best Products of 2009!
All this power and speed is packed into a drive the size of a cigarette lighter, a fitting analogy for something that is so smokin’.
Kanguru would like to thank the folks at the GCN Lab for taking the time to evaluate and review the eFlash. We would also like to thank the other publications that reviewed the eFlash this year.
Stay tuned for great new products launching in 2010.
Data Backup, Government, Portable Storage
Government Security News has a special section on Telework and Continuity Planning. Among the topics is the security threat associated with mobile workers. One of the key concerns is “the connection of infected devices to internal networks”. This threat has increased to due viruses that can auto-run and infect a computer from a USB device.
Kanguru Defender Elite USB flash drive will soon be shipping standard with anti-virus protection built-in. The device is fully encrypted with 256-bit AES hardware encryption, so that mobile workers can transport data without fear of data theft.
The ability to work from any location may be crucial to restoring government services in the event of an emergency. However, agencies might be introducing new risks if portability is not coupled with security.
Data Security, Government, Portable Storage
A USB memory stick containing sensitive Royal Navy data was found near the docks in Northern Ireland last week. The data on the device included personnel information as well as restricted information related to naval operations.
Detectives are currently examining the memory stick to determine who the device belongs to and whether any data was copied. This is one of the main reasons that Kanguru recommends that organizations take a more proactive approach to managing USB devices. With centralized control in place, authorities could find the device owner with a few mouse clicks. Audit logs would show where and when the device was connected, and forced hardware encryption would ensure that no sensitive data falls in the wrong hands.
As The Guardian points out, this type of security breach could have dangerous consequences:
Security sources said that, given the current level of threat from republican dissidents, any lapse was serious, as they have previously targeted not only police and troops but other members of the UK’s armed forces.
Data Security, Government, Portable Storage
The clock is ticking in Massachusetts where businesses have until March 1, 2010 to secure any customer or employee personal information.
This recent Patriot Ledger article contains good information about the new laws put in place after the TJX data breach and other high profile incidents.
Beginning in March, that data is required to be encrypted on any mobile device such as laptops or portable USB drives. The precaution follows several high-profile cases in which company data was accessed from stolen laptops, including the names and Social Security numbers of 800,000 applicants for jobs at the Gap in 2006 and 2007.
Data Security
Follow us on Twitter