April 14, 2014 The blogosphere is awash with stories about the recently discovered “Heartbleed” bug and what it means for the future of the Internet. For those who are unfamiliar with the Heartbleed bug, it is essentially an error in the technology used by secure websites to prevent unauthorized access to confidential information, such as your login and username for Facebook or the online password for your bank account.
The error exploited by Heartbleed *sometimes* allows an unauthorized user to break the encryption and access protected information. We use the word ‘sometimes’ here because, without going into too much detail, this illegal access is not something that hackers can do at will – it only works in specific situations and at specific times.
In other words, while the Heartbleed threat is real, it is not as constant or looming as many would have you believe. Some stories have already announced the end of online purchasing as we know it, but such claims are overly ostentations. There are concerns that will need to be addressed in the coming months, but fear not – the Internet certainly isn’t going to shut down. In the short term, there are four things you can do to protect yourself.
First, check the website of your router manufacture and find out if there are any firmware updates you can download.
Second, change the passwords of all your online accounts.
Third, keep a close eye on your personal and banking information.
Fourth, make a hard copy of all your critical data and store it off-network.
The LOK-IT drive is an ideal choice for short term data storage during this crisis; while there are a number of encrypted flash drive options available out there, the LOK-IT is the only one with a physical hardware lock that prevents all electronic communication, rendering any data stored on the LOK-IT completely safe from the Heartbleed exploit.
Change your passwords, check for router firmware, watch your accounts, and pick up a LOK-IT today to keep your critical data protected.
Unencrypted USB Drive Contained Confidential Patient Data
April 7, 2014 An advisory has been issued by the Michigan Department of Community Health in the wake of the theft of an unencrypted USB drive and laptop computer from the office of the Michigan Long Term Care Ombudsman. While no suspects have yet been apprehended, it is known that the thieves made off with a large number of patient records, many of which included sensitive financial information.
Contained on the laptop and flash drive were 2,595 patient records from MDCH, each of which included personal information, health information, and treatment details. More importantly, 1,539 of these stolen patient files contained Social Security o Medicaid identification numbers – and this data could be used to forge the identities of the affected individuals.
The Chief Deputy Director of the Michigan Department of Community Health, Nick Lyon, recently issued a press release wherein he stated that “MDCH takes any potential breach of security with the utmost seriousness and sincerely regrets that this breach occurred. We are working swiftly to notify any individuals who may have been impacted and with staff to tighten our security procedures going forward.”
Making good on his promise, Lyon issued a further statement that MDCH would be picking up the tab for credit monitoring services for those patients who had sensitive financial information stolen in the breach. He further promised to devote his full attention to assisting officials with the ongoing investigation and to revisiting existing MDCH data security policies to ensure that this type of thing never happens again.
If only MDCH had already established a policy that all patient data should be kept on encrypted data storage devices, this entire debacle could have been avoided. Mr. Lyon would be well served to take a look at the LOK-IT drive from Systematic Development Group – the LOK-IT is unique in that it provides double the protection of simple encryption by adding an additional hardware lock that can only be opened by entering a secure key code in the attached keypad.
It is long past time that all health care providers mandated the use of encrypted storage media for any confidential patient information. The LOK-IT drive is an ideal solution, and costs far less than providing credit monitoring services to 1,500 angry patients.