HIPAA Blog

[ Wednesday, July 09, 2008 ]

 

Latest Data Breach, with an interesting twist: Peer-to-peer or file-sharing arrangements allow people to share music, movies, and other items downloaded to their computers. But they can also be used by a hacker to sniff around in other parts of the participant's computer, which is exactly what led to the latest data breach to hit the news. An investment firm employee file-shared on LimeWire, and as a result lots of personal information about the firm's clients (who include some pretty high-profile people, such as Supreme Court Justice Stephen Breyer) was exposed to the public.

Two easy lessons: (i) don't file-share on a computer that has other personal information on it, or at least be very careful about how you do it; and (ii) if you operate a business that has/stores/uses personal information, prevent file-sharing on company computers entirely.

Jeff [10:15 AM]

Comments:
Outlawing P2P file sharing on company computers is a good policy for preventing data breaches, but it needs to be accompanied by a corporate solution for securely sharing files. Secure file transfer solutions should include data encryption, transmission over secure channels such as SSL, recipient authentication, and reporting and tracking services to demonstrate HIPAA compliance. If businesses don't have a secure method in place, employees will find unsecure workarounds.
 