Following computer security best practices can help avoid identity theft in healthcare facilities
NEW YORK, — Absolute(R) Software Corporation, the leading provider of firmware-based, patented, Computer Theft Recovery, Data Protection and Secure Asset Tracking(TM) solutions today announced that it has identified the five computer security risks healthcare facilities most often face in preventing identity theft caused by data breaches. Identity theft as a result of stolen or misplaced computers that contain sensitive information is an escalating problem. According to privacyrights.org, there were at least 46 US data breaches involving 62 stolen or lost computers at healthcare facilities in 2007, resulting in almost five million compromised identities.
The recent identity theft epidemic is especially evident at healthcare facilities, where a stolen computer could potentially contain the most personal of information for thousands of people. Through its work with healthcare organizations, Absolute has identified the computer security risks most often faced by hospital systems, health management organizations and others with responsibility for electronic protected health information:
Top Five Healthcare Computer Security Risks
1. Failure to Protect Sensitive Data Beyond Encryption
According to the 2003 Health Insurance Portability and Accountability Act HIPAA) Security Rule, healthcare organizations must encrypt electronic protected health information (EPHI) stored on open networks such as laptops. However, a recent Research Concepts survey found that 72% of IT asset managers believe their own employees - those with access to encryption keys and passwords - were responsible for the most incidents of data breach in their organizations. With lost or stolen mobile computers cited as the cause of nearly 50% of data breaches, healthcare organizations must complement encryption with the ability to remotely delete EPHI from missing computers for the highest level of data protection.
2. Inability to Accurately Manage Mobile Computer Assets
In order to achieve HIPAA compliance, healthcare organizations must be able to audit how many computers they have in their inventory, where they are assigned, who is logging into them, what software is installed and where the computer is physically located. However, recent studies show that most organizations are able to locate only 60% of their mobile computer assets. Internet-based, firmware-persistent IT asset management solutions such as Computrace can provide visibility into as much as 99.7% of a computer population - regardless of computer location.
3. Sensitive Information on Public Terminals
Many healthcare facilities allow public information to be accessed on open-air terminals, such as nursing stations, public information terminals and help stations. These workstations are at great risk of data breaches and information can be easily accessed and downloaded. Unattended stationary computers should always be monitored and protected with an authentication prompt.
4. Difficulty Implementing a Comprehensive Data Security Plan
Healthcare facilities need to institute a comprehensive data security plan to secure computing assets and sensitive information. Asset tracking and recovery software should be part of a comprehensive approach, which also includes cable locks, encryption software and secure passwords. The plan needs to be reviewed and updated consistently to ensure maximum effectiveness.
5. Reluctance to Create a Data Breach Policy
Few healthcare facilities have ‘nightmare scenario’ policies in place should a data breach occur. In the event of a data breach, there should be a standard procedure in place for timely notification of supervisors, law enforcement, patients and the media. In a data breach situation, computer theft recovery software solutions such as Computrace have the capability to remotely delete sensitive files, track lost or stolen computers and partner with local law enforcement to recover them.
The above list is not intended to be exhaustive and alone should not be taken as a substitute for a comprehensive data security plan to meet customer needs. To assist with the creation of such a plan, you can learn more about Absolute’s approach to data breach prevention in healthcare by downloading “Compliance, Protection, Recovery: a Layered Approach to Laptop Security for Healthcare Organizations” at:
For more information on Absolute and its range of Computer Theft Recovery, Data Protection and Secure Asset Tracking(TM) solutions, please visit www.absolute.com or www.lojackforlaptops.com/.
About Absolute Software
Absolute Software Corporation (TSX: ABT) is the leader in Computer Theft Recovery, Data Protection and Secure Asset Tracking(TM) solutions. Absolute Software provides organizations and consumers with solutions in the areas of regulatory compliance, data protection and theft recovery. The Company’s Computrace(R) software is embedded in the BIOS of computers by global leaders, including Dell, Fujitsu, Gateway, General Dynamics Itronix, HP, Lenovo, Motion, Panasonic and Toshiba, and the Company has reselling partnerships with these OEMs and others, including Apple. For more information about Absolute Software and Computrace, visit www.absolute.com.
Forward-Looking Statements
This press release contains forward-looking statements that involve risks and uncertainties. These forward-looking statements relate to, among other things, the expected performance of our services and products and other expectations, intentions and plans contained in this press release that are not historical fact. When used in this press release, the words “plan,” “expect,” “believe,” and similar expressions generally identify forward-looking statements. These statements reflect our current expectations. They are subject to a number of risks and uncertainties, including, but not limited to, changes in technology and general market conditions. In light of the many risks and uncertainties you should understand that we cannot assure you that the forward-looking statements contained in this press release will be realized.
(C)2008 Absolute Software Corporation. All rights reserved. Computrace and Absolute are registered trademarks of Absolute Software Corporation. Computrace U.S. patents # 5,715,174, # 5,764,892, # 5,802,280, # 5,896,497, # 6,244,758, # 6,269,392, # 6,300,863, and # 6,507,914. Canadian patents # 2,284,806 and # 2,205,370. U.K. patents # EP793823 and # GB2338101. German patent # 695 125 34.6-08. Australian patent # 699045. The Toronto Stock Exchange has neither approved nor disapproved of the information contained in this news release.
Source: Absolute Software Corporation
Contact
Public Relations: Leslie Campisi, Affect Strategies, leslie@affectstrategies.com, or (212) 398-9680 x144; Investor Relations: Dave Mason, CFA, The Equicom Group, dmason@equicomgroup.com, or (416) 815-0700 x237