A doctor’s hands holding a glowing, floating shield with a cross

Protect Private Mobile Data in Healthcare

Jul 2022
Blog Home
A man on a computer wearing a hoodie representing a hacker
The requirements to guard against patient information leaking mean there are compelling reasons to ensure private mobile data is protected at all times. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law which prevents the disclosure of sensitive patient health information without the consent or knowledge of the patient. This means, when healthcare professionals store patients’ protected health information on portable storage devices such as SSDs or USBs, these devices should prevent unauthorized users from viewing any information. This will offer more security in the event of a device being lost, misplaced, or stolen. The United States is not the only country or region with this kind of data protection legislation applicable to medical patient records. The EU has the European Union Data Protection Directive (EUDPD), the UK has the Data Protection Act, Japan has the Personal Information Protection Act, and Australia has the Australian Privacy Act.
The hands of several people using laptops, tablets and mobile phones surrounded by padlock symbols
Between reputational damage, litigation, and other costs associated with the loss of patient PII (Personal Identifiable Information), healthcare organizations are highly incentivized to prioritize data security. According to the 2021 IBM Cost of a Data Breach report, the typical cost of a data breach in the healthcare sector far outstrips other industries: $9.23 million in 2021, compared to the average of $4.24 million. This heavy toll is up from $7.13 million in 2020, almost a 30% increase. Considering this in the greater context of a 50% surge in cyberattacks on corporate networks for 2021, it has never been more crucial for hospitals, healthcare providers, and insurers to take the risk out of data mobility.

Protecting Mobile Data with Encryption

The best way to provide a high level of security and prevent expensive data breaches is via encryption. Encryption can be either hardware- or software-based. However, a hardware-centric (software-free) encryption approach to data security is the most effective means of combating unauthorized access to private healthcare-related information. Encrypted USB drives are an excellent, easy-to-use solution to protecting personal data from becoming public when it is necessary to transport it.

Hardware-Based vs Software-Based Encryption

A computer graphic with Access Denied spelled out in LED segment font

Hardware-encrypted USB drives offer exceptional security and data protection. They abide by strict industry standards, reducing risks from missing drives. They are self-contained, requiring no software on the host computer to operate. This means that they have cross-platform compatibility, a great benefit to those working in a mixed OS and device environment. This also prevents common attack vectors such as sniffing, brute force, and memory hash attacks from working, since there is no vulnerable software handling the encryption.

Many of the industry’s most secure hardware-based encrypted USB drives use AES 256-bit encryption in XTS mode. This level of encryption ensures that anyone who comes across the drive cannot easily hack the password to access the information. Trying to ‘brute force’ the password is not possible either, as the drive’s data becomes completely inaccessible after a preset number of incorrect password guesses.

However, on top of the limited amount of password attempts, digitally signed firmware helps protect against BadUSB as another layer Kingston encrypted USBs offer. Some encrypted USB drives have additional physical layers of protection, such as epoxy-dipped or filled cases, preventing access to the physical memory itself.

Software-based encrypted drives are designed differently and are more vulnerable to attacks. The encryption is not done on the USB drive at all. These drives share the user’s computer resources with other programs that could be malicious. A software program on the computer encrypts the data which is then stored on the USB drive. A software program must then be run to decrypt the data and read it back. This program often needs to be updated. This can be an impediment to remote workers, who must continually keep up to date on software and driver updates to securely access their stored data, workspace, or applications. It may seem like the cheaper solution but learning after the fact what the expense of your company’s and patient’s data is after a breach becomes exponentially more.

When considering which encrypted drive to use, think carefully about your patients’ care and the responsibility you have for their private mobile data. The right drive for your use case is out there: in many circumstances, it is best to start your search with hardware-based options such as Kingston IronKey USB drives. As well as offering more robust and reliable data protection, they offer user-friendly solutions that simplify the procedure of securely accessing stored data, while compromising none of the rigorous military-grade encryption that makes them nigh-impregnable.

#KingstonIsWithYou #KingstonIronKey

Related Videos

Trisha holding a giant 2.5” SSD next to a M.2 SSDs with a lock and Windows icon 5:02

Software vs Hardware Based Encryption

There are two main types of encryption - software encryption and hardware encryption.

Related Articles

Blog Home