Healthcare News & Insights

USB drives create new security risks for healthcare providers

USB thumb drives offer a convenient way to transport documents between offices or move data between work and home. But healthcare providers should take steps to minimize the security risks created by those portable drives. 

Professionals in all industries are becoming more mobile, and health care is no exception. Doctors and other staff often bring work home with them or must transfer data between different locations.

For many organizations, that’s led to an increased focus on securing smartphones and other mobile devices. But there are other ways increased mobility can create risks for the security of sensitive health information — including the dangers caused by portable storage devices.

Healthcare providers should plan for these security threats introduced by USB drives:

1. Lost or stolen USB drives

Probably the biggest threat is that a clinician or staffer will lose a USB drive holding protected health information or other sensitive data. That’s what happened recently at the University of Texas MD Anderson Cancer Center, which suffered a data breach after a trainee misplaced an unencrypted USB drive on an employee shuttle bus. The drive contained about 2,000 medical records.

2. USB malware

USB drives often get passed around and are handed out for free at conferences and other events. That means many people use thumb drives without knowing where they’ve been before, making USB drives an effective way to spread computer viruses. A study last year looked at a sample of USB drives that were lost and recovered at a train station in Sydney, Australia, and found that a whopping two-thirds were infected with malware.

3. Insider threats

USB drives also give malicious insiders a convenient method for sneaking sensitive information off of a healthcare organization’s premises. Their portability and capacity make those devices useful for transporting a lot of data without being caught.

Keys for secure USB drives

What can healthcare organizations do about those risks? Experts recommend IT departments:

  • Provide encrypted drives for people that have to use them
  • Disable USB ports for employees who don’t need them
  • Disable auto-play for USB drives, and
  • Train employees not to use drives if they don’t know where they came from, and not to open unknown files contained on drives.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.