Medical Flash Drive Encryption: Praxis Care Isle Of Man Data Breach Affects 107.

Praxis Care has admitted and apologized for the loss of a USB flash drive that was lost.  It contained information on 107 patients and was not protected.  The provider of services to people with learning disabilities and mental health conditions has since deployed data encryption software like AlertBoot to ensure similar incidents don’t occur in the future.

First Time in 30 Years

The patient information breach occurred when data was being transferred between two computers.  Instead of using a crossover cable or using a LAN, a USB disk was used.  Apparently, the flash device was not wiped after the job of transferring files was finished.  Had that particular step been taken, the use of encryption software would not have been necessary, nor would there have been a data breach.

Unfortunately, that critical step was not taken and as a result the information belonging to 107 people was lost.  The breached data included names, dates of birth, addresses, and maybe the name of a worker who has helping the patient.  In some cases, physical and mental health information was included.

What’s unbelievable about this story, though is the following statement by Praxis Care a director:

“Clearly this is a major incident. Praxis Care has been operating for 30 years (12 years in the Isle of Man) and we haven’t been involved in such an incident.”

Wow.  Thirty years without a single case where patient data was stolen or went missing?  That’s a heck of an achievement.

Vicissitudes of Life: Data Breaches

I don’t doubt Praxis Care’s claim regarding its breach history (or lack thereof).  The thing about data breaches is that, if you’re very careful, the odds of having a breach are minimal.  But, that’s a good as it gets: minimal. Not non-existent, not zero, but minimal.  This was the case before the appearance of computers.  For example, someone breaks a window and steals documents.

Arguably, the same care that Praxis exercised over the past 30 years would have meant an untarnished record: it is just a matter of deleting the data on the USB key.  This is hardly something out of one’s control, like remembering to lock up a file cabinet or remembering to shred any patient files meant to be discarded.  Blaming this latest breach on “technology” would be confusing the issue at hand.

On the other hand, the presence of computers does mean a general, concomitant increase in information breaches.  For example, SQL injections (which accounted for all the major on-line breaches this past summer) are new and can only exist as part of a digital world.  While known attacks are preventable, unknown vulnerabilities are not (unknown to the good guys but known to the bad guys, that is).

It’s just another way of pointing out that the adoption of new technologies and tools allows both good and bad guys to do more with less, and to find new ways of doing old things in new ways.

That’s why data protection tools like AlertBoot’s encryption SaaS were created.  While losing information is not a new problem (think: leaving a briefcase with confidential reports in the train), the impact of it can reach extreme proportions (think: that briefcase contains all of your ogranization’s reports…for the past 10 years).

Related Articles and Sites:

Comments (0)

Let us know what you think