Blog

Posts Tagged with "ENCRYPTION"

Webinar: Encryption on the IBM i Platform

Do you need to encrypt sensitive data on the IBM i, but are unsure how to get started or which techniques are best?

Encryption is essential for protecting sensitive data like credit card numbers, social security numbers, birth dates and other PII. It is also critical for meeting compliance requirements like PCI DSS, HIPAA and state privacy laws.

Encryption on the IBM i Platform

This webinar is your chance to learn the basic methods of encrypting data on the IBM i, whether it is stored within your database files or transmitted to your trading partners. During the webinar, you will learn about these key topics:

  • Exploring the basics of Encryption
  • Hashing vs Encryption
  • Introduction to Key Management
  • Database Field Encryption
  • Open PGP Encryption
  • SFTP and FTPS protocols

You are invited to join us for this free webinar. Linoma Software's senior IBM i engineers will be on hand to answer your encryption questions.

To reserve your place, and to learn more about the webinar, visit the registration page. Don't delay, register today.

If you're unable to attend, we are recording the webinar and will make it available on our website.

Linoma Software celebrates 20 Year Anniversary

Linoma Software is celebrating 20 years in helping organizations around the world to automate their IT processes and protect sensitive data. The company will commemorate this milestone anniversary with the much anticipated unveiling of their new corporate headquarters, groundbreaking new software releases and promotional events throughout the next twelve months.

"From the beginning, our goal has been to provide great products at affordable prices that are backed with unparalleled customer support and service," said Linoma Software founder, Bob Luebbe. "We attribute our success over the last 20 years to this simple company philosophy. It encompasses all that we do."

Looking Back: A Modest Beginning

Husband and wife team, Bob and Christy Luebbe, started Linoma out of their home in 1994 to provide IT consulting and contract programming services to area businesses. The concept was simple, in that they offered experienced IT talent for affordable rates.

By late 1995, the Luebbes had hired several consultants to service their expanding customer base which included Fortune 500 companies such as Union Pacific, First Data Resources and Hewlett-Packard. They also officially opened their first office in Omaha, Nebraska to offer offsite programming services to out-of-state customers.

Around 1996, Bob had an idea for a product that addressed the challenge of converting legacy IBM RPG code to the new RPG IV (ILE RPG) language. During his off hours, Luebbe built the Convert to ILE RPG software, named it CVTILERPG and released it on a programming list server as a downloadable file. This proved to be a move that was ahead of its time as most software for IBM systems was distributed by mail and installed using cumbersome tapes.

CVTILERPG became an overnight success as a convenient-to-install and affordable utility, which paved the way for Linoma to evolve into a software company. Many of the original users of CVTILERPG (now called RPG Toolbox) are still loyal customers today.

Finding ways to make tasks easier and more efficient has always been the core of Linoma Software's approach to software development. From creating graphical interfaces for the AS/400 in 1997 with Surveyor/400, to the debut of Transfer Anywhere in 2002, to encrypting databases with Crypto Complete in 2007, Luebbe and his growing R&D team continued to innovate and streamline processes for the IBM i. As new products were developed and released, Linoma put an emphasis on affordability and five-star support, which the company is known for.

The release of GoAnywhere Director in early 2008 was a turning point for the company. Quickly becoming the flagship product for Managed File Transfer and secure data exchange, the multi-platform software delivered full automation, encryption and detailed audit trails for file transfers. Following shortly after in 2009, the introduction of GoAnywhere Services expanded the product offering to support secure file services using FTP, FTPS, SFTP and HTTP protocols. GoAnywhere Gateway joined the product suite in 2010 with enhanced forward and reverse proxy to protect files in the DMZ.

Looking Forward: Success through Innovation

As the GoAnywhere software suite continues to grow and evolve, the company has grown as well. Linoma Software has been named to the Inc. 5000 list of top growing companies in Nebraska for the past two years. Their customer base consists of over 3,000 installations worldwide including government entities, large corporations and mid-sized companies. Boasting over a 98% customer retention rate, Linoma Software continues to win customers over through innovation, affordable product offerings and responsive product enhancements.

According to Luebbe, "Several of our customers have been with us since the beginning. They love the products and rave about our support. We're thrilled to be celebrating 20 years and it's because our customers truly appreciate what we do. Without their trust and support, we wouldn't be here. It's that simple, and we are truly grateful."

Linoma Software products are not affected by Heartbleed bug

If you are a Linoma Software customer using any of our products such as the GoAnywhere suite (Director, Services, Gateway, Open PGP Studio), Crypto Complete, Surveyor/400 or the RPG Toolbox, we are pleased to report that our products are NOT vulnerable to the Heartbleed bug.

The Heartbleed bug (CVE-2014-0160) has made big headlines over the last 48 hours. It is a vulnerability in the popular OpenSSL software that potentially allows the memory of SSL/TLS-protected systems to be read by an attacker. With access to that memory, attackers can potentially steal and read information that was protected by encryption, such as usernames and passwords, credit card numbers and other sensitive data. To learn more about the Heartbleed bug, please visit Heartbleed.com. Additional resources let you check whether your website or server is affected by the Heartbleed bug: Heartbleed Test and LastPass Heartbleed Checker.

GoAnywhere Suite (Director, Services, Gateway, Open PGP Studio): GoAnywhere does not use native libraries for SSL/TLS and relies on the JSSE libraries of the JVM that GoAnywhere is running on. This exploit does not exist in the JSSE implementation of SSL/TLS. While Tomcat does have the ability to utilize native SSL/TLS capabilities for its HTTP/S connections with the APR Connectors, GoAnywhere does not employ this functionality.

GoAnywhere Secure File Transfer mobile apps:

  • For Apple devices: The GoAnywhere Apple app uses the Secure Transport implementation of SSL/TLS and is not affected by Heartbleed.
  • For Android devices: The GoAnywhere Android app uses the JSSE implementation of SSL/TLS and is not affected by Heartbleed.

Surveyor/400: Surveyor/400 does not use native libraries for SSL/TLS and relies on the JSSE libraries of the JVM that Surveyor/400 is running on. This exploit does not exist in the JSSE implementation of SSL/TLS.

Crypto Complete: Crypto Complete does not use SSL/TLS for Field or Backup encryption and is not affected by Heartbleed.

RPG Toolbox: Our RPG toolbox does not use any encryption and is not affected by Heartbleed.

DB2 Field Encryption Has Been Simplified

Compliance regulations like HIPAA and PCI DSS have us all looking for more efficient and secure ways to keep sensitive data protected, especially the personal information fields we've all come to rely on: social security numbers, credit card numbers, birth dates, driver's license numbers, insurance policy ID numbers, etc.

Fortunately, IBM is working hard to meet the growing demands of companies who must store and share private information and compliance auditors who govern how it must be done. When it released IBM i 7.1, it included a feature for encrypting DB2 form fields to give IT staffs more control.

Surprisingly, not everyone is taking full advantage of these DB2 FieldProcs either because they're not aware of their benefit, or because they're waiting for an even more comprehensive approach.

If you fall into either of these groups, then we've got good news. The Linoma Software team is hosting a webinar next week to share tips for how to maximize the DB2 FieldProcs feature in IBM i 7.1. In addition, we'll provide some options that could give your processes even more functionality, making things more efficient.

We invite you to grab some lunch and join us for "IBM i Field Procedures Simplified with DB2 Field Procedures" on June 13 at noon central. There will be lots of opportunities to ask questions, and we'll also record the webinar so you can share it with your colleagues.

Hope you'll be able to join us!

Simplify Field Encryption on IBM i

Now that corporate applications are easier to access via remote and mobile channels, it's even more important to determine which sensitive data is accessible and where possible breaches may occur. Unfortunately, legions of hackers with Wi-Fi and mobile hacking tools make it imperative that organizations prepare for and defend against potential attacks with even more pervasive security procedures.

One step in creating a stronger defense is to employ field or column-level encryption to protect sensitive data at rest.

Implementing a custom field encryption project on IBM i used to be a notoriously long and painful process. Programming code changes for field level encryption required a steep learning curve, costly programming resources, and even more time in testing, validating and updating the changed application source code. Most companies simply could not justify the additional strain on their budgets for this level of project development requirements.

In response to this challenge, IBM released its OS version 7.1 with DB2 field procedure (FieldProcs) in April of 2010 that greatly simplified the field encryption process. With the new FieldProcs technology, encryption projects can be streamlined because the field procedures are invoked at the database level, making it transparent to the applications. The FieldProcs can be coded to automatically encrypt the field on Inserts and Updates, and subsequently decrypt the field only for authorized users on Read operations. Subsequently, FieldProcs have become very important to those businesses that have legacy applications and limited budgets.

FieldProcs are a great step for improving the viability of field level encryption projects. But even with this, many companies don't have the resources to integrate and manage the FieldProcs which is why third-party software solutions, like Linoma Software's Crypto Complete, are valuable. Crypto Complete will generate and manage the FieldProcs on the fields within the files.

Crypto Complete also includes the key management, audit logs and access controls needed for PCI DSS and data privacy compliance. The value of using Crypto Complete for field encryption cannot be overstated as it can greatly minimize the learning curve and reduce the implementation resource requirements from weeks to hours.

What Can We Learn from the LinkedIn Breach?

Today is another unfortunate reminder that no matter the size of a company or its industry, a data breach makes headlines.

Not only does it attract negative attention and erode customer confidence, an announcement that your company's data has or may have been compromised can result in some steep financial penalties. If fines associated with violating regulations like HIPAA or state privacy laws don't get you, potential lawsuits might.

Take LinkedIn, for example. Earlier this month, the social network of business professionals reported that nearly 6.5 million encrypted passwords had been leaked online.

Today, Mashable.com reports that LinkedIn is facing a $5 million civil lawsuit from a user claiming that LinkedIn's security policy violated industry standards for database security.

There really are no lessons for the rest of us to learn from this latest breach, because most of us already know what we're supposed to do.

  • Keep passwords secure, reasonably complex, and change them regularly.
  • Ensure your company is using only the most secure encryption standards like AES or Open PGP.
  • Stay abreast of the latest news and techniques for keeping your company security policies and practices up to date and as impenetrable as possible.
  • Invest in solutions that streamline your data encryption processes, that include comprehensive auditing and reporting tools, and that ensure the security of your data at rest and in motion.

The question is how much longer can you postpone taking these steps to ensure that your company isn't making news next week with an embarrassing and costly data breach?

Tokenization: A Powerful Weapon Against Cyber Attack

Tokenization in the data security world is the process of moving sensitive data from a company network to a separate location or server, and replacing and referencing that data on the company server with a unique token.

If hackers attempt to access sensitive information like credit card numbers from a server, they'll instead encounter the token which prevents them from finding the original data without a specific encryption key or knowledge of the tokenization system.

For example, say a merchant acquires a credit card number by swiping a customer's card with a card reader. If the merchant has implemented tokenization, this card number information is immediately replaced in the merchant's database by a token number while the actual card number is sent and stored (in encrypted form) at a different location, along with the reference from the token.

Because the actual card number is never stored in the merchant's front-end system, hackers have a much more difficult time stealing it. Customers can therefore be assured that it is safe to let that merchant use their card information because the actual credit card numbers are not stored in an easily accessible location.

All organizations that capture credit card data are required by the PCI DSS government regulations to secure and protect this data. Originally, this presented a challenge to the payment industry until Shift4 Corporation presented tokenization solutions at an industry Security Summit in 1995. The adoption of tokenization became a popular solution to meet the PCI DSS compliance regulations.

>>Check out these white papers discussing PCI DSS compliance issues, and data breach threats

Other industries are beginning to adopt tokenization to protect confidential information such as banking transactions, medical records, criminal records, vehicle driver information, loan applications, stock trading and voter registration.

Finding the most efficient way to implement tokenization is challenging, but the growing threat of cyber attack and the expense of data breach have motivated IT shops to research options in earnest.

A variety of third-party software solutions, such as Linoma Software's Crypto Complete, deliver tokenization tools as well as additional options for managing encryption keys, audit logs, message alerts; storing tokenized data; automatically assigning token identifiers; and providing a central management platform for the entire tokenization process.

When a greedy hacker in anticipation of scoring a cache of customer credit card data finds instead a series of tokens, companies win another battle in the war against cyber thieves.

Citigroup Breach Triggers Congressional Response

The data breach at Citigroup in May - a breach which reportedly exposed an estimated 200,000 customer accounts - has motivated members of the U.S. Congress to re-introduce legislation to penalize the very organizations that have been victimized by hackers. What are the next steps your company should take?

New bills to protect consumers' personal data

Two bills are proposed by both House and Senate legislators.

First, Sen. Patrick Leahy (D-Vt.) has introduced the Personal Data Privacy and Security Act of 2011. The new bill provides:

  • Tough criminal penalties for individuals who intentionally or willfully conceal a security breach involving personal data;
  • A requirement that companies that maintain personal data establish and implement internal policies to protect data privacy and security; and
  • A requirement that the government ensure sensitive data is protected when the government hires third-party contractors.

This act would also require, under threat of fine or imprisonment, that businesses and agencies notify affected individuals of a security breach by mail, telephone or email "without unreasonable delay." Media notices would be required for breaches involving 5,000 or more people. The FBI and the Secret Service would need to be notified if the breach affects 10,000 or more people, compromises databases containing the information of one million or more people, or impacts federal databases or law enforcement.

But that's not the only security bill that has businesses concerned.

In the House, Rep. Mary Bono Mack (R-Ca) is holding hearings in preparation of a bill she's named The SAFE (Secure and Fortify) Data Act that would also require "reasonable security policies and procedures" to protect consumers and enable disclosures to victims and the Federal Trade Commission within 48 hours of a data breach.

Companies no longer viewed as the victims

All this sounds good from the consumer's point of view. But what about the expense - and potential penalties - suffered by the "owners" of the data: the businesses themselves?

While these bills may address the public's interest for notification -- and indeed they would bring some semblance of a national standard - they also represent an interesting shift in the liabilities that companies will face. How is that?

Though we currently have no federal data breach notification law, federal policies now view the companies that experience a data breach as the victims of crime. However, under the proposed legislative bills, companies that do not act quickly to appropriately secure the personal data of customers - or fail to report a data breach in a reasonable amount of time - would not only suffer the theft of data, but also be held liable for its loss.

This is a significant shift. Companies are now being viewed not as the owners of consumer data, but merely guardians and trustees whose job it is to protect that data or face criminal penalties. And the message is clear: if companies won't take adequate precautions to secure the sensitive data of our customers, they'll pay a hefty price.

Where does your company stand?

In a world in which diligent hackers have the power to break into seemingly secure networks and systems, what can your company do?

The challenge is first to determine exactly what qualifies as adequate precautions.

A review of the HIPAA HITECH security provisions that took effect last year provides some insight about what the government considers adequate protection.

HITECH strongly recommends the use of encryption technology. Encryption is a good place for your company to start, especially when dealing with the data your company stores on its servers. If sensitive data itself is kept securely encrypted, a data breach doesn't expose the content of the information itself.

Secure managed file transfer protocols - which send data using encryption - are the second place to focus attention.

If data is encrypted when it is transmitted between business partners, that data is worthless should it be breached through hacking, theft, or other malicious actions. Encryption and secure managed file transfers can dramatically shrink the holes that lead to technical breaches, significantly reducing an organization's liability.

Preventing exposure

The Citigroup data breach has rekindled the momentum for a nationwide, cross-industry data breach reporting standard. This standard will not eliminate the physical breaches themselves. What's needed is legislation to encourage companies to secure the underlying data that is the target of the hackers.

Isn't it time for your company to take a serious look at its liabilities and to investigate how encryption and managed file transfers can close these important security holes?

Top 10 Healthcare Data Breaches in 2010

Most data breaches are caused by simple acts of carelessness.

Last March the Ponemon Institute released its findings for the 2010 Annual Study: U.S. Cost of a Data Breach. The study -- based on the actual data breach experiences of 51 U.S. companies from 15 different industry sectors -- revealed that data breaches grew more costly for the fifth year in a row. They jumped from $204 per compromised record in 2009 to $214 in 2010.

The increase in cost, however, pales in comparison to the reputational cost of companies that have been victimized, particularly in the healthcare sector.

HITECH builds Wall of Shame

Consider that the U.S. Department of Health and Human Services has begun posting the data breaches affecting 500 or more individuals as required by section 13402(e)(4) of the HITECH Act. The New York Times has labeled this site "The Wall of Shame". Why? Because if patients have no faith in electronic record-keeping, the future of healthcare record automation will be jeopardized: Lawsuits and government regulation will bury any cost-savings.

The Back Stories of Healthcare Data Breaches

What are the stories behind the most severe healthcare sector data breaches reported in 2010? Here are the ten most expensive stories, in ascending order of cost, documented in the Privacy Rights Clearing House database. While they're sober reminders of the problem of keeping data secure, they're also instructive: none of these breaches were malicious hacks, but were instead the results of theft, poor record-keeping policies, and simple human error.

(Note that the estimate of liability uses the $214/record cost identified by the Ponemon Institute in its annual report. We have purposely not published the names of the reporting institutions.)

10th Most Expensive: Physician Computer Theft Exposes 25,000

On June 29th of 2010 a thief stole four computers from a physician specialist's office in Fort Worth, Texas. This theft resulted in an estimated 25,000 patient records being exposed. The patient records contained addresses, Social Security numbers and dates of birth. Estimated liability: $5,350,000.

9th: Medical Center Theft Exposes 39,000

On the weekend of May 22nd, 2010 two computers were stolen from a medical center in the Bronx. Names, medical record numbers, Social Security numbers, dates of birth, insurers, and hospital admission dates of patients were known to be on the computers. Total records compromised: 39,000. Estimated liability: $8,346,000.

8th: Optometrist's Computer Theft Exposes 40,000

A computer stolen from an Optometry office in Santa Clara, California on Friday April 2nd, 2010 contained patient names, addresses, phone numbers, email addresses, birth dates, family member names, medical insurance information, medical records, and in some cases, Social Security numbers. Though the files were password protected, they were not encrypted. A total of 40,000 records were lost, with an estimated liability of $8,560,000.

7th: Medical Records Found at Dump Expose 44,600

Medical records were found at a public dump in Georgetown, Massachusetts on August 13th, 2010. The records contained names, addresses, diagnoses, Social Security numbers, and insurance information. A medical billing company that had worked for multiple hospitals was responsible for depositing the records at the dump. The exposure required the hospitals to notify patients - an effort that continues to this date. The total number of records known to have been exposed is 44,600, but the search continues. Estimated liability: $9,544,400.

6th: Consultant Laptop Stolen Exposing 76,000

On March 20th, 2010, in Chicago, Illinois, a contractor working for a large dental chain found his laptop stolen. The computer held a database containing the personal information of approximately 76,000 clients, including first names, last names and Social Security numbers. Estimated liability: $16,264,000.

5th: Lost CDs Expose 130,495

On June 30th, 2010 a medical center in the Bronx reported that it had failed to receive multiple CDs containing patient personal information that was sent to it by its billing associate. These CDs were lost in transit. Information of 130,495 patients included the dates of birth, driver's license numbers, descriptions of medical procedures, addresses, and Social Security numbers. Estimated liability of $27,925,930.

4th: Portable Hard Drive Theft Exposes 180,111

In Westmont, Illinois, a medical management resources company reported on May 10, 2010 that a portable hard drive had been stolen after a break-in. The company believes the hard drive contained personally identifiable information about patients including name, address, phone, date of birth, and Social Security number. The company acknowledged that this hard drive had no encryption. As a result, 180,111 records were exposed, creating an estimated liability of $38,543,754.

3rd: Leased Digital Copier Leaks 409,262

On April 10th, 2010 a New York managed care service in the Bronx reported that it was notifying 409,262 current and former customers, employees, providers, applicants for jobs, plan members, and applicants for coverage that their personal data might have been accidentally leaked through a leased digital copier. The exposure resulted because the hard drive of the leased digital copier had not been erased when returned to the warehouse. Estimated liability: $87,582,068.

2nd: Training Center Hard Drive Theft Exposes 1,023,209

The theft of 57 hard drives from a medical insurance company's Tennessee training facility in October of 2010 put at risk the private information of an estimated 1,023,209 customers in at least 32 states. The hard drives contained audio files and video files as well as data containing customers' personal data and diagnostic information, date of birth, and Social Security numbers, names and insurance ID numbers. That data was encoded but not encrypted. Estimated liability to date: $218,966,726.

Most Expensive of 2010: Two Laptops Stolen Exposes 860,000

A Gainesville, Florida health insurance company reported in November of 2010 that two stolen laptops contained the protected information of 1.2 million people. This is an on-going story, as new estimates are calculated. To date, the estimated liability is $256,800,000.

Preventing Exposure: Data Encryption

These cases document that the majority of the data breaches which occurred in 2010 were not the result of hacking activities, or even unauthorized access by personnel. The greatest data losses were simply the result of computer theft of portable devices and misplaced media. Had the contents of the files been encrypted, this could have significantly reduced the risks and liabilities of these data losses.

Time and time again, industry experts point to data encryption as the key method by which organizations can prevent inadvertent exposure of sensitive data.

Of course, no healthcare organization wants to be listed on the US Department of Health and Human Services' Wall of Shame. And the costs - in dollars and in reputation - can be extraordinary.

Isn't it about time your management got serious about data encryption?

Who is Protecting Your Health Care Records?

How important is a patient's privacy? If your organization is a health care facility, the instinctive answer that comes to mind is "Very important!" After all, a patient's privacy is the basis upon which the doctor/patient relationship is based. Right?

But the real answer, when it comes to patient data, may surprise you. According to a study released by the Ponemon Institute, "patient data is being unknowingly exposed until the patients themselves detect the breach."

The independent study, entitled "Benchmark Study on Patient Privacy and Data Security" and published in November of 2010, examined the privacy and data protection policies of 65 health care organizations, in accordance with the mandated Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009. HITECH requires health care providers to provide stronger safeguards for patient data and to notify patients when their information has been breached.

Patient Data Protection Not a Priority?

According to the study, seventy percent of hospitals say that protecting patient data is not a top priority. Most at risk is billing information and medical records which are not being protected. More significantly, there is little or no oversight of the data itself, as patients are the first to detect breaches and end up notifying the health care facility themselves.

The study reports that most health care organizations do not have the staff or the technology to adequately protect their patients' information. The majority (67 percent) say that they have fewer than two staff members dedicated to data protection management.

And perhaps because of this lack of resources, sixty percent of organizations in the study had more than two data breaches in the past two years, at a cost of almost $2M per organization. The estimated cost per year to our health care systems is over $6B.

This begs the question: Why?

HITECH Rules Fail to Ensure Protection

HITECH encourages health care organizations to move to Electronic Health Records (EHR) systems to help better secure patient data. And, indeed, the majority of those organizations in the studies (89 percent) said they have either fully implemented or planned soon to fully implement EHR. Yet the HITECH regulations to date do not seem to have diminished security breaches at all, and the Ponemon Institute's study provides a sobering evaluation:

Despite the intent of these rules (HITECH), the majority (71 percent) of respondents do not believe these new federal regulations have significantly changed the management practices of patient records.

Unintentional Actions - The Primary Cause of Breaches

According to the report, the primary causes of data loss or theft were unintentional employee action (52 percent), lost or stolen computing device (41 percent) and third-party mistakes (34 percent).

Indeed, it would seem that - with the use of EHR systems - technologies should be deployed to assist in these unintentional breaches. And while 85 percent believe they do comply with the loose legal privacy requirements of HIPAA, only 10 percent are confident that they are able to protect patient information when used by outsourcers and cloud computing providers. More significantly, only 23 percent of respondents believed they were capable of curtailing physical access to data storage devices and servers.

The study lists 20 commonly used technology methodologies encouraged by HITECH and deployed by these institutions, including firewalls, intrusion prevention systems, monitoring systems, and encryption. The confidence these institutions feel in these technologies is also listed. Firewalls are the top choice for both data breach prevention and compliance with HIPAA. Also popular for accomplishing both are access governance systems and privileged user management. Respondents favor anti-virus and anti-malware for data breach prevention, and for compliance with HIPAA they favor encryption for data at rest.

The Value of Encryption

The study points to the value of encryption technologies - for both compliance purposes and for the prevention of unintended disclosure - and this value is perceived as particularly high by those who participated in the study: 72 percent see it as a necessary technology for compliance, even though only 60 percent are currently deploying it for data breach prevention. This identified need for encryption falls just behind the use of firewalls (78 percent), and the requirements of access governance (73 percent).

Encryption for data-at-rest is one of the key technologies that HITECH specifically identifies: An encrypted file cannot be accidentally examined without the appropriate credentials. In addition, some encryption packages, such as Linoma's Crypto Complete, monitor and record when and by whom data has been examined. These safeguards permit IT security to audit the use of data to ensure that - should an intrusion breach occur - the scope and seriousness of the breach can be assessed quickly and confidently.

So how important is a patient's privacy? We believe it's vitally important. And this report from the Ponemon Institute should make good reading to help your organization come to terms with the growing epidemic of security breaches.

Read how Bristol Hospital utilizes GoAnywhere to secure sensitive data.