Walking Hard Drives, or Why Your Data is Not Safe Without Encryption
Healthcare Info Security reported April 8 that Providence Hospital in Southfield, Michigan has lost a hard drive. It contained patient information as well as some proprietary business and employee information.
This incident is a drop in the proverbial bucket of data breaches. The Privacy Rights Clearinghouse tracks data breaches and notes that to date in 2010, more than 4 MILLION confidential records have been lost or stolen. While some of these were attacks to networks, many were simply lost or stolen drives. The costs of such data breaches continue to escalate - each incident can mean heavy fines, lawsuits and lost business.
What are the answers? For one, organizations have to set and enforce effective data management policies. Second, they need to use available technology to protect data. TCG has created the self-encrypting drive industry standards (http://www.trustedcomputinggroup.org/solutions/data_protection). Many drive makers now build drives to support these specs, which provide for transparent, on-the-fly, instantaneous data encryption right IN the hard drive. Users don't have to choose to use it or manipulate it, and it does not impact system performance. When administrators want to re-use or scrap the drives, the spec enables instant erase.
Let's think about using what we have and doing what we need to do to protect against these needless incidents.
Categories: Data Protection, News & Events