Following computer security best practices can help avoid identity theft in
healthcare facilities
NEW YORK, March 19 /PRNewswire-FirstCall/ - Absolute(R) Software
Corporation ("Absolute" or the "Company") (TSX: ABT), the leading provider of
firmware-based, patented, Computer Theft Recovery, Data Protection and Secure
Asset Tracking(TM) solutions today announced that it has identified the five
computer security risks healthcare facilities most often face in preventing
identity theft caused by data breaches. Identity theft as a result of stolen
or misplaced computers that contain sensitive information is an escalating
problem. According to privacyrights.org, there were at least 46 US data
breaches involving 62 stolen or lost computers at healthcare facilities in
2007, resulting in almost five million compromised identities.
The recent identity theft epidemic is especially evident at healthcare
facilities, where a stolen computer could potentially contain the most
personal of information for thousands of people. Through its work with
healthcare organizations, Absolute has identified the computer security risks
most often faced by hospital systems, health management organizations and
others with responsibility for electronic protected health information:
Top Five Healthcare Computer Security Risks:
--------------------------------------------
1. Failure to Protect Sensitive Data Beyond Encryption
According to the 2003 Health Insurance Portability and Accountability Act
(HIPAA) Security Rule, healthcare organizations must encrypt electronic
protected health information (EPHI) stored on open networks such as
laptops. However, a recent Research Concepts survey found that 72% of IT
asset managers believe their own employees - those with access to
encryption keys and passwords - were responsible for the most incidents
of data breach in their organizations. With lost or stolen mobile
computers cited as the cause of nearly 50% of data breaches, healthcare
organizations must complement encryption with the ability to remotely
delete EPHI from missing computers for the highest level of data
protection.
2. Inability to Accurately Manage Mobile Computer Assets
In order to achieve HIPAA compliance, healthcare organizations must be
able to audit how many computers they have in their inventory, where they
are assigned, who is logging into them, what software is installed and
where the computer is physically located. However, recent studies show
that most organizations are able to locate only 60% of their mobile
computer assets. Internet-based, firmware-persistent IT asset management
solutions such as Computrace can provide visibility into as much as 99.7%
of a computer population - regardless of computer location.
3. Sensitive Information on Public Terminals
Many healthcare facilities allow public information to be accessed on
open-air terminals, such as nursing stations, public information
terminals and help stations. These workstations are at great risk of data
breaches and information can be easily accessed and downloaded.
Unattended stationary computers should always be monitored and protected
with an authentication prompt.
4. Difficulty Implementing a Comprehensive Data Security Plan
Healthcare facilities need to institute a comprehensive data security
plan to secure computing assets and sensitive information. Asset tracking
and recovery software should be part of a comprehensive approach, which
also includes cable locks, encryption software and secure passwords. The
plan needs to be reviewed and updated consistently to ensure maximum
effectiveness.
5. Reluctance to Create a Data Breach Policy
Few healthcare facilities have 'nightmare scenario' policies in place
should a data breach occur. In the event of a data breach, there should
be a standard procedure in place for timely notification of supervisors,
law enforcement, patients and the media. In a data breach situation,
computer theft recovery software solutions such as Computrace have the
capability to remotely delete sensitive files, track lost or stolen
computers and partner with local law enforcement to recover them.
The above list is not intended to be exhaustive and alone should not be
taken as a substitute for a comprehensive data security plan to meet customer
needs. To assist with the creation of such a plan, you can learn more about
Absolute's approach to data breach prevention in healthcare by downloading
"Compliance, Protection, Recovery: a Layered Approach to Laptop Security for
Healthcare Organizations" at: http://www.absolute.com/HCPR.
For more information on Absolute and its range of Computer Theft Recovery,
Data Protection and Secure Asset Tracking(TM) solutions, please visit
www.absolute.com or www.lojackforlaptops.com/.
About Absolute Software
Absolute Software Corporation (TSX: ABT) is the leader in Computer Theft
Recovery, Data Protection and Secure Asset Tracking(TM) solutions. Absolute
Software provides organizations and consumers with solutions in the areas of
regulatory compliance, data protection and theft recovery. The Company's
Computrace(R) software is embedded in the BIOS of computers by global leaders,
including Dell, Fujitsu, Gateway, General Dynamics Itronix, HP, Lenovo,
Motion, Panasonic and Toshiba, and the Company has reselling partnerships with
these OEMs and others, including Apple. For more information about Absolute
Software and Computrace, visit www.absolute.com.
Forward-Looking Statements
This press release contains forward-looking statements that involve risks
and uncertainties. These forward-looking statements relate to, among other
things, the expected performance of our services and products and other
expectations, intentions and plans contained in this press release that are
not historical fact. When used in this press release, the words "plan,"
"expect," "believe," and similar expressions generally identify
forward-looking statements. These statements reflect our current expectations.
They are subject to a number of risks and uncertainties, including, but not
limited to, changes in technology and general market conditions. In light of
the many risks and uncertainties you should understand that we cannot assure
you that the forward-looking statements contained in this press release will
be realized.
(C)2008 Absolute Software Corporation. All rights reserved. Computrace
and Absolute are registered trademarks of Absolute Software Corporation.
Computrace U.S. patents # 5,715,174, # 5,764,892, # 5,802,280,
# 5,896,497, # 6,244,758, # 6,269,392, # 6,300,863, and
# 6,507,914. Canadian patents # 2,284,806 and # 2,205,370.
U.K. patents # EP793823 and # GB2338101. German patent
# 695 125 34.6-08. Australian patent # 699045. The Toronto Stock
Exchange has neither approved nor disapproved of the information
contained in this news release.
SOURCE Absolute Software Corporation
Public Relations: Leslie Campisi, Affect Strategies,
leslie@affectstrategies.com, or (212) 398-9680 x144; Investor Relations: Dave
Mason, CFA, The Equicom Group, dmason@equicomgroup.com, or (416) 815-0700
x237
