FTC Alleges Data Breach: Is your medical data secure?
It was a double whammy for the medical data company.
LabMD, a medical laboratory, had exposed the personal information of nearly 10,000 of its customers on a file-sharing network, according to an article published recently on CIO.com. The misstep doesn’t necessarily mean that the information was abused, but sensitive medical data was clearly accessible to people who should not have had access to it.
This wasn’t the first time LabMD has run into trouble.
In 2012, the U.S. Federal Trade Commission also discovered that Sacramento police caught identity thieves in possession of documents belonging to the Atlanta-based lab.
LabMD denied the allegations, and the precise details that led to the security breach are unclear, but the FTC contends that the problems were a direct result of a lack of a proper system for protecting the personal data of its customers.
With separate complaints and evidence that information was stolen and abused, this company clearly has security issues to address.
Whether company-wide negligence, ignorance, or even the corruption of certain individuals within an organization causes a given data breach, the fact is, such situations can almost always be avoided.
Planning for Medical Data Security
If your company or organization handles patient data or medical data of any kind, you are already aware of HIPAA and the requirements for protecting private medical data. New, more stringent penalties for those who fail to protect patient data were recently announced, including fierce fines and long prison terms.
Making sensitive data available to those who need it, and keeping it safe from those who don’t, is just as important as (if not more important than) worrying about hackers and network security.
In many cases, patient data cannot be emailed for security reasons, but hospital staff simply copy the private data onto a portable flash drive and put it in their pocket or purse to work on it elsewhere. This is far worse than an errant email.
All patient data and medical data security measures need to take into account how authorized staff members can access and use patient data without copying it, emailing it, or taking it away from secure computers.
The dangers of loose media
Whenever there is loose media, there is a greater chance for proprietary information to be compromised. This is why TechR2 has created advanced security systems such as . This service ensures that your company’s data is safe through its secure containment, inventory, tracking, and secure onsite data destruction.
Your employees can deposit their data-bearing devices in a secure designated bin; once that bin is full, TechR2 will come onsite and securely destroy all data at your location. Once the project is completed, you will receive a detailed audit report and certificate of destruction to ensure that you can prove the legitimacy of your security practices. Additionally, in any case where there is a suspected data breach, having a record of the devices that were destroyed will make the process of detecting the source of the breach exponentially more effective.
TechR2 simplifies the endless task of maintaining your company’s security, while always adhering to environmentally responsible best practices. Make sure your company is doing all that it can.