The healthcare company Centene Corp revealed that it cannot locate six hard drives containing personal information on patients who had lab services there from 2009 to 2015. Unthinkable! Security experts from Intralinks commented on the incident as follows.
Daren Glenister, Field CTO of Intralinks:
“Significant data breaches such as this Centene Corp breach are an almost weekly occurrence (or more, if you consider how many breaches go undetected), and clearly there are still many lessons to be learned when it comes to storing and sharing personally identifiable information. Security experts frequently stress the importance of encrypting data when storing it on portable devices, but this simply isn’t happening despite years of such warnings. In this case: Centene Corp hasn’t declared if the data was encrypted or not – and security experts will draw their own conclusions there. Rather than allow the use of portable storage devices where sensitive information is at stake, companies should look to modern cloud services that can maintain protection and track access to information, enabling data owners to monitor and withdraw access to keep information protected even after it’s been downloaded.”
Richard Anstey, CTO EMEA, Intralinks:
“Significant data breaches such as this Centene Corp breach are an almost weekly occurrence and clearly there are still many lessons to be learned when it comes to storing and sharing personally identifiable information (PII). Security experts frequently stress the importance of encrypting data when storing it on portable devices. Despite years of such warnings, this simply isn’t happening. In this case: Centene Corp hasn’t declared if the data was encrypted or not – and security experts will draw their own conclusions there.
“It’s clear that a better solution is not to allow the use of portable storage devices at all where sensitive information is at stake. Instead, modern cloud services can maintain protection and track access to information, enabling data owners to monitor and withdraw access to help protect information even after it’s been downloaded. Modern security technologies allow for much greater security and much higher levels of control over the flow of information, eliminating the risk of physical storage devices being misplaced or stolen. Security becomes an inherent part of the process, rather than something that someone needs to be specially trained to implement.
“The EU General Data Protection Regulation (GDPR) is expected to be finalised in spring, and will come into effect two years later. Under the new regulation, serious data breaches could be punishable by maximum fines of up to €20m, or up to 4 percent of global annual turnover. Clearly these fines are hugely significant, and should act as a very real incentive for companies to get their data security and protection in proper order.”
About Intralinks
Intralinks Holdings, Inc. (NYSE: IL) is a leading, global technology provider of secure enterprise content collaboration solutions. Through innovative Software-as-a-Service solutions, Intralinks software is designed to enable the exchange, control and management of information between organisations securely and compliantly when working through the firewall. More than 3.1 million professionals at 99% of the Fortune 1000 companies have depended on Intralinks’ experience. With a track record of enabling high-stakes transactions and business collaborations valued at more than $28.1 trillion, Intralinks is a trusted provider of easy-to-use, enterprise strength, cloud-based collaboration solutions.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.