in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Laptop Encryption Software: HHS At 6-Month Mark Shows 66% Of Breaches Via Storage Devices

The site modernhealthcare.com has noted today that approximately two-thirds of the breaches listed at a HHS site involve storage devices, whereas only 3% involve hackers.  The complications resulting from the former can be mitigated by using hard disk encryption like AlertBoot endpoint security software.

HHS Airs Breaches Involving More than 500 People

As I noted back in February, passage of the HITECH Act meant that the Department of Health and Human Services now has to make public any notifications where private health information is breached for more than 500 people.

Obviously, HIPAA-covered entities must notify the HHS regarding the same.

Now that there are about 6 months' worth of notifications (the first breaches that are listed date from September 2009), modernhealthcare.com did some analysis, and found that:

  • The average size of a breach by a hospital involves 6,251 records; the same by a physician's office involved 4,496 records.
  • The median size of a breach across all was 2,667 records, which may be a better barometer for making sense of the data--at least, that's what my stats professor said when extreme data points are involved, if I recollect correctly.
  • 66% of the breaches involved "record storage devices"--including laptops, desktops, and paper records.
  • Of the record storage devices, 26% involve laptops, 16% involve desktops, and 19% involve paper records.
  • 2% of breaches involved hackers (which I guess implies network attacks as opposed to stolen or missing hardware).

It's interesting to note that the total sum for the fourth bullet lies at 61%, meaning that 39% of breaches are accounted for by other storage devices: external hard drives, CDs and other disk media, tapes, etc.

If such breaches were to be included, the number of breaches that could be prevented via encryption software would be over 33% of all reported breaches.  In fact, it might be even more than that since we're dealing with instances where 500 or more records were involved.

On the one hand, some people may be disappointed that disk encryption programs can prevent only a portion of all possible breach incidents.  On the other, being able to alleviate 30% or more of security risks is not a bad deal.


Related Articles and Sites:
http://www.modernhealthcare.com/article/20100427/NEWS/100429921/1153
http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/postedbreaches.html

 
<Previous Next>

HIPAA Encryption: What Does the HHS Do For Their Data Encryption Needs?

Data Encryption: NHS Worst UK Data Breach Offender

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.