A recent article posted in Information Week details some interesting trends related to USB Flash Drive usage and security. According to the story “In the past two years, 70% of businesses have traced the loss of sensitive or confidential information to USB flash memory sticks”
Flash drives are incredibly useful; however, as the Information Week article shows, their tiny size and massive storage capacity make them a security threat as well. Although encryption seems like it would be a requirement for organizations dealing with sensitive data, it seems that more often than not, flash drives aren’t encrypted.
With that in mind, here is a list of recent flash drive security snafu’s:
A Contractor Loses Hundreds of Bank Account Details, Leaving Them at a Pub.
London – A contractor loses a thumb drive containing thousands of records of tenants information along with 800 records with bank account details.
HIPAA Auditor Involved in Own Data Breach
West Orange, NJ - KPMG, LLP, the company hired by the Office for Civil Rights (OCR) to conduct nationwide HIPAA privacy and security compliance audits, was responsible for a breach that includes the loss of an unencrypted flash drive affecting more than 4,500 patient records.
Detroit Hospital Suffers Second Data Breach Within a Year
Detroit, MI - An employee at Henry Ford Health System in Detroit loses a thumb drive with information on 2,777 patients.
Philadelphia Family Planning Council Data Breach Affects 70,000 Patients
Philadelphia, PA - A USB flash drive containing information on 70,000 patients was stolen.
Unencrypted FirstGroup America Applicant Data on Lost Flash Drive
Cincinnati, OH – A flash drive containing the names, addresses, dates of birth, Social Security Numbers, and information about applicants’ criminal convictions was lost by First Transit on a bus in Cincinnati.
------------------------------------------
Data breaches like these can lead to costly fines, negative press for your organization, and loss of customer confidence in your brand.
Many of these data breaches could have been prevented with something as simple as the use of a secure, encrypted flash drive. Why more organizations haven’t made encrypted flash drives mandatory is a mystery. Although they are slightly more expensive than unencrypted flash drives, they provide security to prevent issues like those referenced above and can very well save money in the long term.