Origin Storage says Canadian health data theft highlights case for multi-layered drive security
And, says Andy Cordial, the MD of the storage systems specialist, the drive theft incident at Misercordia Hospital in Edmonton, Alberta, shows that - no matter what security policies an organisation has in place surrounding data security - hard-pressed staff will often take the easy option and ignore procedure.
"So what is the solution? Clearly security policies surrounding the security of patient data were in place at this hospital, but they just weren't followed, so the answer has be to introduce multiple layers of security, which staff simply cannot circumvent, even if they want to," he said.
"Our own DataLocker range of PIN-protected portable hard drives (http://bit.ly/2vb6y9) is a good example of a multi-layered security system. Users can still have the benefit of AES encryption on the drive for security, but as an added measure, users must also know the passphrase of the security unit, without which they cannot access the data," he added.
According to Cordial, had the Edmonton hospital used such a device even if the thief walked off with the drive, the unit would have locked automatically, meaning that access to the data would have been prevented.
Using this approach to data security, says the Origin Storage MD, is an ideal way of bolstering the existing data security defences in an organisation, in situations where existing IT security policies cannot be fully applied.
Origin's observations amongst its many customers, he says, is that data needs protecting whether it is at rest or in transit and, whilst encryption offers an excellent form of protection, adding extra layers of security in portable or back-up situations makes a lot of sense.
"Had this incident happened in the UK, the Information Commissioners Office would have been on to the health body concerned very quickly indeed, and at the very least, publicly secured a written guarantee from managers that a change of security procedures - to prevent a recurrence - would take place," he said.
"That means that management heads will roll if an infringement of the Data Protection Act occurred again. This sort of incident - and the consequential publicity plus investigations that result - has a curious habit of significantly grabbing managerial attention," he added.
"Using multi-layered technology can not only avoid a data loss for whatever reason, it can also avoid dragging your organisation's reputation through the mud, as has clearly happened with this hospital."
For more on Origin Storage: www.originstorage.com
For more on Edmonton hospital patient data disk theft: http://bit.ly/fNb5IX
Press releases you might also be interested in
Weitere Informationen zum Thema "Sicherheit":
Öffentliche Sicherheit kontra IT-Sicherheit
Der Einsatz des “Bundestrojaners”, der Hack des Telegram-Messengers und der derzeit kolportierte “Hackback” zeigen, dass der Staat gewillt ist zur vermeintlichen Herstellung der Öffentlichen Sicherheit - unter Zuhilfenahme von Schwachstellen in IT-Produkten - zu hacken. Jedoch gefährdet er damit die IT-Sicherheit, nicht nur in Deutschland. Es braucht daher klare Regeln für den verantwortungsbewussten Umgang des Staates mit Schwachstellen in IT-Produkten.Weiterlesen