Laptop stolen with 39,000 Blue Cross physicians information


Once again the health care industry is struggling to maintain control over sensitive information. The Boston Globe reported this week that the largest health insurer in Massachusetts, the Blue Cross and Blue Shield association, had to warn 39,000 of it's physicians about the loss of a laptop which contained confidential health information.

Jeff Smokler, national Blue Cross-Blue Shield spokesman, said the insurance giant - roughly 90 percent of physicians nationwide are in its network - encrypts all of its information on company computers, but an employee who was authorized to have the information violated company rules by downloading an unencrypted version onto a personal laptop. The laptop was stolen after the employee left headquarters with it.

This is a perfect example of how Oracle IRM can help create a complete security solution from the database through to documents on the desktop. Using encryption in the database, on the network communication and even on computers part of your organization still leaves you exposed when content is downloaded into documents that can ultimately reside beyond your control. After incidents like the above, many people start implementing hard disk and operating system encryption which only protect the the document at rest. For a complete document and email solution you want to place the encryption at the document level so that no matter where it travels, it is always secure. Oracle IRM uses a combination of industry standard encryption with powerful persistent rights control to ensure that confidential information, such as patient and physician data, can only be accessed by authorized users.

Even when the information is on a stolen laptop, nobody can access data in documents and emails unless they have been given rights on the Oracle IRM server. In this case an employee violated the rules and copied data to a personal laptop, there may well have been legitimate reasons for doing so. Users want to be able to access information in a variety of ways, people these days are used to very collaborative online environments where it doesn't matter what computer you use, you should have access to your information. Oracle IRM allows your users to copy confidential content to even personal machines and you still retain control over not only their ability to open the document, but also if they can print, edit or copy and paste the information.

Another crucial element of a complete security solution would be to ensure that the information downloaded from applications is secured by IRM at source. Oracle IRM has a very extensive, yet simple API which allows companies to encrypt and secure information at the point where a user downloads it by integrating IRM with the application. A good example of this is our integration with the Oracle content management system.

Oracle have also spent just as much time in developing an easy user experience as they have in making the technology secure. This means Oracle IRM can be deployed not only to protect your information at the point it's exported from the database in a document, but also to be relatively transparent to the end user. People often don't realize the document has been secured until they try to print or take a screen shot.


This is the perfect example of why cloud computing offers more robust security than current environments. Employees need ubiquitous access to their data so they keep it on their laptops or a thumb drive - this is the worst possible scenario. This doesn't happen if you utilize a contemporary cloud computing vendor like Google, or PracticeFusion.

Posted by Joe Tierney on October 05, 2009 at 02:01 AM PDT #

Actually Joe I don't think that cloud computing offers a stronger security solution at all, it simply moves the problem to another place. Infact, with cloud computing you now place your security in the hands of others and lose even more control. Google docs recently exposed a huge security bug in it's online documents service, if this was an enterprise secure content solution I would have had little control over such incidents. Using Oracle IRM to protect your content, you maintain the server which issues rights to content and it doesn't matter where those documents ultimately reside because you have the control. We have partners who implement Oracle IRM as part of their SaaS online document security solutions but this doesn't make it any more secure than organizations running the service themselves, they still have to rely on the SaaS providers to maintain and secure the system appropriately.

Posted by Simon Thorpe on October 05, 2009 at 06:42 AM PDT #

Post a Comment:
  • HTML Syntax: NOT allowed

Oracle IRM protects and tracks your sensitive information no matter where it goes. It combines business friendly encryption with role based usage rights and auditing.

11g quick guide


« July 2016