On May 14th, the Billings Clinic in Montana issued a breach notification statement, which explained that they detected unusual activity within one of its employee’s email accounts.
The employee in question was traveling overseas on a medical mission when the email account was compromised.
“As a result of the forensics investigation, we learned that an unauthorized individual had access to emails and attachments within that one account, some of which included patient information.”
As for scope and scale, information on more than 8,400 individuals was exposed. While the data varied from one patient to the next, the data included patient names, dates of birth, contact information, medical record numbers, internal financial control numbers, diagnoses, and some information about medical services received.
The incident highlights a common, but often overlooked problem.
As analyst Rebecca Herold explains:
“It is very common for data and devices to be hacked while traveling and for those who were hacked to not even realize it. People are often unaware of what is going on around them when they are travelling. They are using any charger station they can find, they speak loudly, and they use free Wi-Fi.
Shoulder surfing is also still very common; it’s a decades-old tactic that still works effectively today. The skimmers on charging stations are increasing in use. Don’t think that if you are in a frequent flyer lounge that these things do not happen there; they happen in those exclusive lounge areas possibly more than in other places.”
The bottom line is, any time your employees are away from your office, the risks of hacking increase. While there are no simple solutions, it bears making your employees aware of the added risks any time they’re traveling. It’s far from a perfect solution, but it’s a good place to start.