Just last week it was reported that University Hospital had a hard drive taken from their facility after a third-party vendor performed a routine update to a computer system on their campus.
It is not known exactly what information was contained on the drive but it was reported the drive most likely contained patient information such as names, dates of birth, home addresses, insurance provider information, medical records numbers, health information about specific patient treatment and social security numbers. The Plain Dealer says that the missing drive was also believed to have data that was compiled from 19 other computers and that the drive was not encrypted.
Several individuals are going to potentially be affected by this, and the hospital is going to have to provide a year of free credit monitoring and identity theft protection to all of those individuals. This is probably the only bright side of this so far, only a limited number of patients were affected. But had it been more, and the data actually leaked, this could have been a lot more costly. They also have brought in an IT security consultant which I am sure will not be an inexpensive effort.
All of this could have been avoided had they had systems in place to contain loose media and off network storage devices. The items don’t even need to be destroyed right away, but having a way to securely contain the items after refreshes, updates, or repairs until they can be properly destroyed would have completely avoided this security lapse.
5 Suggestions to prevent this from happening to you
- A written policy for loose hard drives and data bearing devices
- Secure containment for those devices prior to data destruction
- Detailed Audit Trail – keep inventory of all data bearing devices from the moment they are removed/retired from the network
- Certified Onsite Data Destruction – NO data leaves your facility
- Choose the right vendor for the job – contract with a company that knows the importance of Information Security
Management and your brand
Don’t wait until your Company’s name is in the headlines
To implement a secure, certified process for your loose media and off network devices, click below to register.