535 Connecticut Ave. Suite 104
Norwalk, CT 06854
Empire State Building
350 Fifth Avenue, 59th fl.
New York City, NY 10118

Featured Article

November 25, 2015

Using Unencrypted Data? You're Playing With Fire

Despite all of the attention surrounding cybersecurity today, many organizations are still failing to properly protect their sensitive data. It’s all too easy to think that a data breach could never happen to your organization, only to learn about the stiff repercussions way after one occurs. And oftentimes, such repercussions aren’t felt until long after an incident happens, as one company—Hartford Hospital and its contractor, EMC Corp. recently experienced.

Here’s what happened:

Back in 2012, a laptop was stolen from the residence of a contracted employee which contained the protected health information (PHI) of about 8,900 Connecticut residents. Now, almost four years later, Hartford Hospital and EMC Corp. are in hot water following an investigation which concluded that the patient data which was stored on the stolen laptop was unencrypted, and therefore exposed to prying eyes.

While there is no evidence to suggest that any of the patient data has been nefariously used since the incident, Hartford Hospital and EMC Corp. still must pay for failing to take appropriate security measures into consideration. Just recently, Hartford Hospital and EMC Corp. agreed on a settlement with the Connecticut attorney general’s office which will require the organization to pay a fine of $90,000.

Following a Nov. 6, Assurance of Voluntary Compliance agreement,  Hartford Hospital and EMC Corp. also agreed to overhaul cybersecurity and compliance training. They’re now working with the state to properly resolve the issue and ensure it does not happen again. Perhaps most importantly, the hospital has agreed to maintain data encryption policies for all PHI for all of its portable devices, electronic transmissions and stored data.

This case should be an eye-opener to all businesses about the importance of properly protecting patient and customer data through encryption—particularly businesses which use a large number of portable devices. Even if your business is currently using security technologies like passwords and PIN numbers, they are no substitute for encryption.

Most executives tend to agree with this, too. According to one recent study, 90 percent of executives believe that work computers should be encrypted.  And 87 percent of executives fear data breaches arising from physical theft; concerns about theft range from storing laptops in cars, working at coffee shops, thieves breaking into their homes or hacking online or losing their device in an airport.

What’s more, the study shows that 39 percent of executives encrypt their information for fear of their financial information being compromised, while 35 percent encrypt because data breaches are both common and damaging. Furthermore, 16 percent of executives encrypt their computer because once a work computer is encrypted, everything must be encrypted. And 3 percent of executives encrypt their data due to concerns about governments spying on their files.

Are you concerned that your business could be at risk of a data breach? Click here to learn more about how your company can stay protected with the help of a managed services provider, which will ensure that all of your cybersecurity protocols are enforced. 

Related Articles