Sunday, October 07, 2007

Whisper in Blindness

More and more I am starting to believe that email is the biggest blind spot in most systems:

One slip-up can become a whopper. For example, a Palm Beach County, Fla., health department statistician and epidemiologist mistakenly attached a list containing more than 6,000 names of HIV/AIDS patients to an e-mail in 2005. The message was sent to 800 of the department's 900 employees.

It is so easy to hit send without giving any thought, and that is just the most likely innocent breach. Most people have web-based email accounts like Hotmail, GMail, or Yahoo Mail. Because these are web-based, it is nearly impossible to control what goes out via them. One alternative, of course, is to block access to these webmail providers, but there are so many and users are so clever at circumventing blocks and safeguards that it is almost impossible to make this bulletproof. Training is a solution, of course, but not a cure, because if your users are careless or malicious they will ignore you.

1 comment:

Joel Sanderson said...


I agree with you completely. E-mail security is probably the most overlooked security hazard.

We are currently developing and marketing a secure e-mail product that uses fingerprint biometrics for authentication. I would be interested in hearing what types of things would be necessary to make this a practical solution for HIPAA compliance.

If you are interested, you can contact me via e-mail (jsanderson _at_ livingsw -dot- com) or our website's sales/contact page:

Thanks for the informative blog!

-Joel Sanderson