Failure to Ensure Proper Encryption Could Lead to Major Consequences
Encryption was once a mysterious concept in the technology and communications sector, surrounded by misconception and an overall lack of awareness. But the proliferation of mobility, cloud computing and massive numbers of connected devices has changed the perception of encryption, particularly in the business sector.
Encryption makes headlines today, and is an important tool for organizations in all types of vertical markets. According to a recent blog post from Intermedia, a company specializing in cloud hosted communications services, the focus has shifted to discussing the value and tradeoffs inherent when strong encryption is used.
For instance, Apple’s iPhone encryption and the FBI’s repeated requests to access encrypted data have been subject to massive controversy. And the FTC is also getting involved, accusing dental software provider Henry Schein Practice Solutions of failing to properly encrypt dentists’ patient data. The charges, based on the software company’s failure to comply with HIPAA privacy mandates, resulted in a $250,000 settlement fine.
“The security of patient data is of particular concern to dentists and other healthcare providers because of their obligations under HIPAA,” wrote the FTC in its summary of the case. “According to the FTC, Schein was aware of the recommendation of AES, knew about the HHS safe harbor for encrypted data, and understood why encryption would be a key selling feature for dentists. So the company hit that point hard in its promotional material.”
And yet Schein didn’t use an established encryption standard like AES in its Dentrix G5 offering, but instead chose a less secure proprietary algorithm. That choice got the company in major trouble, incurring both financial and reputation damage as a result of the FTC action.
Encryption has become very serious business, and its importance extends well beyond the healthcare sector to areas including finance and manufacturing. Companies like Intermedia help their customers ensure their encryption is up to industry standards and in compliance with mandates like HIPAA, FINRA, SOX, GLBA and more. Failure to ensure proper encryption is in place is simply a risk few companies can afford to take.
Edited by Alicia Young