secrisks2013At the 2014 RSA Conference in San Francisco this year, speakers in all aspects of security agreed: encryption is the key component of software-defined perimeter. The future is encryption, for Enterprise, MDMs, Secure Containers — everything.

But the future is now, and unfortunately in the form of a class action lawsuit. In February 2014, eight unencrypted laptops were stolen from a healthcare billing vendor that provides billing services to LA County Department of Health, causing a breach that has affected 168,500 patients.  And in March 2014 both LA County and Sutherland Healthcare Services were named in a class action lawsuit, first brought by an unidentified female patient for violation of regarding privacy and disclosure practices. According to California Health and Safety Code 1280. 15, affected parties must be notified of a breach within five days, but Sutherland knew of the breach a month prior to contacting. The laptops held personal information including social security numbers, dates of birth, billing, and medical histories.

Monetary damages to both LA County and Sutherland are likely to exceed the typical costs for legal fees and award. Victims of identity theft as a result of a data breach now know that they can be at risk for many years to come. Complimentary credit report monitoring service is not enough, no matter how long it is provided.

EdgeWave help Health Care organizations maintain HIPPA privacy rules, and can help them evaluate their systems for end to end data security and policy compliance, and mitigate risks. Visit https://www.edgewave.com/ or call 1 800 782 3762 for a live conversation.