Top Five Computer Security Risks for Healthcare as Identified by Absolute Software  

HIPAA News


(March 20, 2008) -- Absolute Software Corporation, provider of firmware-based, patented Computer Theft Recovery, Data Protection and Secure Asset Tracking solutions, announced that it has identified the five computer security risks healthcare facilities most often face in preventing identity theft caused by data breaches. Identity theft as a result of stolen or misplaced computers that contain sensitive information is an escalating problem. According to privacyrights.org, there were at least 46 US data breaches involving 62 stolen or lost computers at healthcare facilities in 2007, resulting in almost five million compromised identities.

The recent identity theft epidemic is especially evident at healthcare facilities, where a stolen computer could potentially contain the most personal of information for thousands of people. Through its work with healthcare organizations, Absolute has identified the computer security risks most often faced by hospital systems, health management organizations and others with responsibility for electronic protected health information:

Top Five Healthcare Computer Security Risks:

1. Failure to Protect Sensitive Data Beyond Encryption
According to the 2003 Health Insurance Portability and Accountability Act (HIPAA) Security Rule, healthcare organizations must encrypt electronic protected health information (EPHI) stored on open networks such as laptops. However, a recent Research Concepts survey found that 72% of IT asset managers believe their own employees - those with access to encryption keys and passwords - were responsible for the most incidents of data breach in their organizations. With lost or stolen mobile computers cited as the cause of nearly 50% of data breaches, healthcare organizations must complement encryption with the ability to remotely delete EPHI from missing computers for the highest level of data protection.

2. Inability to Accurately Manage Mobile Computer Assets
In order to achieve HIPAA compliance, healthcare organizations must be able to audit how many computers they have in their inventory, where they are assigned, who is logging into them, what software is installed and where the computer is physically located. However, recent studies show that most organizations are able to locate only 60% of their mobile computer assets. Internet-based, firmware-persistent IT asset management solutions such as Computrace can provide visibility into as much as 99.7% of a computer population - regardless of computer location.

3. Sensitive Information on Public Terminals
Many healthcare facilities allow public information to be accessed on open-air terminals, such as nursing stations, public information terminals and help stations. These workstations are at great risk of data breaches and information can be easily accessed and downloaded. Unattended stationary computers should always be monitored and protected with an authentication prompt.

4. Difficulty Implementing a Comprehensive Data Security Plan
Healthcare facilities need to institute a comprehensive data security plan to secure computing assets and sensitive information. Asset tracking and recovery software should be part of a comprehensive approach, which also includes cable locks, encryption software and secure passwords. The plan needs to be reviewed and updated consistently to ensure maximum effectiveness.

5. Reluctance to Create a Data Breach Policy
Few healthcare facilities have 'nightmare scenario' policies in place should a data breach occur. In the event of a data breach, there should be a standard procedure in place for timely notification of supervisors, law enforcement, patients and the media. In a data breach situation, computer theft recovery software solutions such as Computrace have the capability to remotely delete sensitive files, track lost or stolen computers and partner with local law enforcement to recover them.



Copyright © 2007-2008 ComplianceHome.com. A SUPREMUS GROUP venture. All rights reserved.