Which is more costly to a business? Spending the money to become compliant with federally mandated security regulations or remaining noncompliant?
A recent study by the Ponemon Institute compared the cost of complying with state and federal security regulations vs. the cost of potential business disruption, productivity loss, revenue loss, and fines. Read more about it here.
Data Security
Data breaches that expose confidential medical data are costing healthcare providers $6 billion a year. SC Magazine reports on a new study by the Ponemon Institute, and the results are not good.
The top three causes of breaches were unintentional employee action, lost or stolen computing devices and third-party accidents. The average number of lost or stolen records per breach was 1,769.
The survey found that breaches have cost the U.S. health care system $12 billion over the past two years. The economic impact of a data breach was approximately $2 million per organization over a two-year period.
Expect the number of records per breach to increase as portable devices continue to grow in capacity and shrink in price. Employees may have good intentions when they take the entire database home with them, but data breaches often result when a car is broken into or a thumb drive slips out of a pocket. Healthcare organizations need a policy for securing USB devices, and it needs to be enforced automatically.
Data Security, Healthcare, Portable Storage
The Philadelphia Inquirer reports on a major data breach at Keystone and AmeriHealth Mercy Health Plans.
A computer flash drive containing the names, addresses, and personal health information of 280,000 people is missing – one of the largest recent security breaches of personal health data in the nation.
A spokesperson for the companies responded to questions for a follow-up article:
The insurers, she said, had been working to improve a method for allowing encrypted patient information to be available to company representatives at local health events. The drive was being used at headquarters to test the new system, she said.
The information on the missing portable drive was not encrypted.
Also, the two companies had embarked on an initiative to encrypt all company data, especially data on devices such as laptops or flash drives that would be used outside the building. But that initiative was not completed when the Sept. 20 incident occurred.
Data Security, Healthcare, Portable Storage
CSO Blog has a short explanation of the HITECH Act and its implications for healthcare providers and third-party partners. The author also outlines some steps you can take to lower the risk of a data breach. These include taking an inventory of all Protected Health Information (PHI) and using encryption on all storage devices.
Healthcare
Tim Wilson at Dark Reading reports on two more data breaches involving lost storage devices:
Online attacks might be getting more sophisticated every day, but two incidents last week are reminding the industry that the loss of physical storage media is still among the most common causes of data breaches.
The term “free credit monitoring” appears in many articles like this one. It should be emphasized that the services will be free to the victims, but will be quite expensive for Care 1st.
Data Security, Portable Storage
Courtesy of CRN.
A number of these incidents involve laptops or USB hard drives. The rule of thumb should be: If it’s portable, it’s easy to steal.
Data Security
While Non-Profits may operate under budget constraints, they still require high-end technology solutions to meet their information security requirements. Kanguru is now offering discounted pricing on Defender and Defender Pro secure USB flash drives for Educational and other Non-Profit institutions.
Many Non-Profits handle and store sensitive information on clients, patients, students and employees. These organizations may be subject to State Data Breach Laws, HIPAA or the Family Educational Rights and Privacy Act (FERPA). The Kanguru Defender product line is designed to be a simple, cost-effective solution for securing portable data and complying with applicable regulations. Contact Kanguru or your preferred Reseller for information on discounted pricing.
Data Security, Portable Storage
The California Department of Public Health has fined five hospitals for failing to prevent unauthorized access to patients’ medical information.
CDPH assessed the penalties under new California legislation intended to protect the confidentiality of medical records. Under the law, an administrative penalty of $25,000 may be assessed against a medical facility for the breach of each patient’s medical information. A penalty of up to $17,500 is added for each subsequent breach of each patient’s medical information.
Penalties are also increasing at the Federal level thanks to last year’s HITECH Act. Enforcement of the new legislation started earlier this year.
Data Security
Two hospitals in Kentucky have been forced to notify the public of data breaches under the new HITECH legislation. Both breaches involved the loss of unencrypted portable drives. According to the story in Health Data Management, one flash drive contained protected health information for 24,600 individuals admitted to the hospital since 2002.
The HITECH Act is changing the way that healthcare providers think about data security. Small devices can store massive amounts of data and should be considered high risk if they are not properly secured.
Data Security, Healthcare, Portable Storage
Kanguru is proud to announce that the Kanguru Defender Elite encrypted USB flash drive has received FIPS 140-2 certification from the US and Canadian Governments. This hardware encrypted device meets Level 2 security requirements, which validates its use for protecting sensitive government information. Defender Elite also meets Level 3 requirements in several key security categories. The FIPS 140-2 standard is recognized internationally and by a number of other industry regulations, including HIPAA for Healthcare.
Check out our website for more product details, and read our previous post about remote management.
Data Security, Government, Portable Storage