It seems from a recent report that healthcare businesses have become a specific target for hackers in recent months. International managed security services company SecureWorks says that attempted hacker attacks launched at its healthcare clients doubled in Q4 2009, increasing from an average of 6,500 per healthcare client, per day in the first nine months of 2009, to an average of 13,400 per client per day in Q4 2009.

It’s suggested that there are two main reasons for this: the large amounts of identifiable data on patients stored within healthcare organisations, and the sheer number of possible attack vectors, including web-based attacks and attacks from devices (such as infected, unauthorised USB flash drives).

In some territories, such as the UK and Canada, healthcare bodies are rolling out extensive data security measures (such as secure USB drives with onboard anti-virus scanning). This is a sensible and practical response to the increase in data security risks.

It’s been talked about for some time, but now the UK’s information watchdog, the Information Commissioner’s Office, will soon be able to penalize companies that are proven to have acted recklessly or maliciously with personal data.
Read More »

The personal health records of over 83,000 Canadians have been lost on an unencrypted USB memory stick.

The device was lost by a member of staff from a centre in Ontario State, and contained data collected from everyone who attended H1N1 or seasonal flu vaccination clinics in the region over a period of nearly two months. The information included personal information such as names, addresses, phone numbers, dates of birth, health card numbers, doctor’s names and so on. Read More »

Another UK council has had to sign an undertaking with the UK Information Commissioner’s Office (ICO) to better safeguard its data after an unencrypted USB memory stick was lost in the post.

The device, lost by Shropshire Council in England, contained personal and health details of vulnerable members of the public, and of members of the council’s own staff who were working in the sensitive adult social care department. It was being sent by post from the council to a contractor in Cardiff.

The ICO said the loss breached the Data Protection Act, and the undertaking the council has signed requires education of staff on data security, and encryption of portable and mobile devices used to store and transmit personal data.

These incidents show the need for always-on, mandatory protection of data written to removable media: protection which is delivered from use of our Cruzer Enterprise range of secure USB flash drives.

It’s been a high-profile year for USB memory sticks: they have been the subject of many headlines thanks to a series of losses and theft incidents, and have been exploited as a new vector for spreading malware across networks (thanks to Conficker and related Autorun-exploiting worms). Read More »

A recent survey of London taxi drivers shows that December is the worst time of year for losing mobile phones, laptops and memory sticks.

Apparently some 10,000 mobiles are left behind in taxis every month, and over 1,000 laptops, flash drives and other removable devices too. It’s believed that most of these losses happen because they slip out of peoples’ pockets, or are simply forgotten as passengers rush to their next meeting or destination.

The good news is that London cabbies are more honest than their counterparts in New York:
80% of taxi drivers in London claimed that they had reunited owners with their devices once they were found, compared to just 66% in New York.

Even so, it’s all the more reason to secure any data on these portable devices with encryption – just in case you’re one of the 20% whose device isn’t found.

We’ve all lost things at some time in our lives – car keys, wallet, mobile phone – and have experienced the frustrations this can cause.  Some might have lost things like laptops, and had to suffer the problems of paying for a replacement, and the loss of useful information that was on the device. 

These problems are irritating, but usually don’t cause much more than minor inconvenience.  If only it was the same in the business world.  That laptop loss, or loss of a USB flash drive, could be just the first of many problems.  Does the business know what data was on that PC or thumb drive?  Did the user remember to encrypt the data?  What are the ramifications if the data falls into the wrong hands?

This article from Jon Collins, head of research company Freeform Dynamics, looks at practical, good-practice steps companies can take to minimise the fallout from device losses. 

It maps closely onto the benefits our secure USB flash drives and data management solution deliver to users – automated, transparent protection of data, the ability to track and audit what data has been copied to devices, and remote device termination.  With the right equipment, small problems will stay small.

We have posted about this a little earlier this year, but it’s worth mentioning again that the UK Information Commissioner’s Office, which is the data watchdog for the UK Government, continues to take tough measures with public sector organisations that have suffered data breaches.

Most recently, a UK healthcare organisation misplaced 3 unsecured USB flash drives with confidential patient details, and has signed an undertaking confirming that the Trust will take a number of steps to ensure personal data is kept securely.
 
The Assistant Commissioner at the ICO said: “I urge all NHS organisations to restrict and encrypt the amount of sensitive information stored on portable devices. In this case, our investigation found that there was a lack of understanding and awareness among staff of their responsibilities under the Data Protection Act.”

This is good practice, and a good argument for deploying secure USB flash drives.

With more and more entertainment content being released as ‘special edition’ USB flash drives, here are two of the more extreme examples of drive packaging that have been announced this week.

First, here’s a submachine gun-shaped drive for US rap group Get Busy Committee’s new album, released later this month.  And here’s a special edition 4GB drive for the home release of the latest Star Trek movie.

The good news is, with designs as striking as these, users are much less likely to lose them.  However, the temptation to use the huge capacities of the drives to store personal data is also strong.  Despite the novelty and the wow-factor, we would advise keeping such special drives for entertainment only, and using a secure flash drive for any business or sensitive personal data.

Every once in a while, someone launches a USB flash drive that we just have to blog about.  Here’s a striking one that I haven’t seen before:  a scented pendant with internal USB drive. 

If you carry your flash drive as a necklace, I guess it’s fairly secure – or at least, you’ll quickly realise if you lost it.  But adding a scent to the drive is certainly an unusual step.  I wonder what it smells of?

Of course, our secure USB flash drives have no artificial scents applied to them.  But they do keep your data safe in all circumstances – which will leave your organisation smelling of roses if one of our drives is ever misplaced or stolen.