Nearly 15% of universities competing in this year's NCAA tournament were breached during the past year. According to a database maintained by the Privacy Rights Clearinghouse, the following schools experienced some form of unintended data disclosure since July 2012:
In some cases, the breaches exposed social security numbers, usernames and passwords and other forms of personally identifiable information (PII). A good reminder that any institution handling information on behalf of students needs to take extra precaution to secure the data and ensure it's following disclosure rules laid out in the Family Educational Rights and Privacy Act.
This year alone the Personal Health Information (PHI) of more than 11 million Americans has already been compromised, according to news sources. While this figure is alarmingly high, the underlying yet more disturbing issue here is that almost every incident involving the loss of patient’s PHI could have been prevented if minimal security measures had been initially implemented. Quite often companies of every industry will look at IT security from a strictly financial point of view, and see a zero ROI, but the reality is that anytime an organization, especially in the healthcare industry, possesses Personally Identifying Information (PII) it comes with a very real security risk that needs to be addressed responsibly. The argument here is that the security of patient PHI should be a top priority and a high-level concern, as opposed to an unnecessary expenditure or an afterthought in the unfortunate, but not uncommon event that a breach does occur.
The necessity for sufficient data protection measures to be in place can be perfectly illustrated by the case of the 2009 Blue Cross Blue Shield of Tennessee (BCBST) data breach. While hacking is often viewed as the primary cause of data breaches, and frequently is, in this case BCBST had 57 hard drives physically stolen from one of their training facilities. Though it is uncertain exactly what all information was lost, within a year the company had spent more than $7 million dollars on everything ranging from providing no-cost credit monitoring for up to a million of their affected customers to the hiring of more than 700 IT employees just to assess what was missing. Another year later and estimated 5,000 hours of work, BCBST had completed their $6 million dollar project to encrypt all data at rest throughout their entire enterprise.
Not all security options are equal but when information absolutely needs to be protected encryption is your best bet. As the BCBST press release explains, encryption uses algorithms to convert readable text into an indecipherable format. Coupled with correct use of secure keys, allowing only authorized individuals to view the readable format, encryption can be used as your last line of defense. If all of your data is encrypted, it does not matter if the information is physically stolen or virtually hacked, the culprit will be left with nothing but useless lines of unreadable code. It should also be known that not all encryption efforts take two years and millions of dollars. While BCBST boasts of their accomplishment of no-performance-loss enterprise-wide encryption taking only two years to implement, there are now products emerging in the marketplace that can accomplish the same feat for a fraction of the time and cost. Gazzang can provide no-performance-loss, downloadable encryption software coupled with a patent-pending Key Storage System that can be up in running in few hours. It’s incredible what technology can do in a couple of years. Also, it won’t be a problem if you don’t have a few million dollars lying around – Gazzang software is sold as a subscription for $499 per year, per server.
Our charter at Gazzang is to promote and raise awareness of the ever-present issue of data security and to bridge the gap between enterprise features and affordability. For consumers, simply checking to see if organizations you interact with take adequate measures to keep your information private could save you from immeasurable amounts of frustration down the road. And for companies seeking to better protect their customers and clients, we’re working hard every day to make it as easy as possible for you to keep the private information of your trusting customers safe and secure without the hassles of expensive hardware or an army of IT consultants.
Sources and other helpful information: