Another Hospital Loses an Unsecured Flash Drive Containing Personal Patient Data
December 11, 2013
I had to do a double-take on the date to make sure the article was written in the 21st century. But the date was, in fact, written yesterday. Really? With affordable, highly secure USB drives and remote management options available, hospital staff are still using unsecured flash drives with the personal data of 49,000 patients on it? One would think that with serious HIPAA regulations, stiff fines, and widespread concerns about ID theft, healthcare facilities would be fully implementing secure data measures by now. The very idea seems aberrant, like an amusement park operating a super-fast roller coaster without any type of protective restraints. It’s unconventional.
The article mentions the unsecured USB drive contained information on 49,000 patients from a Southern California hospital, and was “misplaced” back in September. Though unencrypted flash drives do offer convenience in storing non-confidential information, they should have no place in a workplace that is handling sensitive data.
The truth is, in this day and age of affordable secure, hardware encrypted USB flash drives and remote management options, hospitals and health care facilities really don’t have an excuse for allowing confidential patient data on unencrypted drives. For example, remote management applications for USB drives would not only restrict the use of any unsecured USB device on a network, but could also have USB drives wiped and deleted immediately if one were ever lost or stolen – from anywhere in the world. With Kanguru's remote management suite, once secure USB drives are initially configured by IT on a network and handed out to staff for use with sensitive data, the administrator can then monitor those secure USB devices, send security updates, manage passwords, restrict permissions, delete devices and much more, all from one secure remote application. Additionally, with password protection on each encrypted drive, even the NSA would find it impossible to access the data from the device without the pass code.
The government has cracked down with some very stiff penalties and fines on organizations that fail to secure personal data. Data breaches like this one could cost the medical facility millions in mopping-up operations, including recovery, litigation, providing ID theft protection for the patients, and rebuilding trust. If they had only installed Kanguru remote management with Kanguru secure, hardware encrypted USB devices at a fraction of the cost, this entire embarrassing situation could have been avoided altogether.
Kanguru can help organizations secure sensitive data with very affordable remote management and secure USB options, enabling healthcare facilities to keep the convenience of using portable USB devices with the power to secure them.