A healthcare focused study by Bitglass reveals that theft of user devices and resulting theft of personal information poses significant risks to companies and end users.
We often think of the theft of credit card data as being the most common threat to identity and user data but the Bitglass report points out that healthcare related data accessed via stolen devices has the potential to cause many more problems for organizations and their users when it falls into the wrong hands. An article in SC Magazine discussing the results of the Bitglass report points out:
"Citing an 2013 EMC report (PDF), Bitglass noted that the value of stolen health records on the black market far outweighs that of credit card information, and that criminals can “continue using or selling the [PHI] even after the victim knows it's been compromised,” as opposed to credit card information, for instance, that can be quickly devalued by canceling a card.
A health record is sold on average for $50 on the black market, while a stolen Social Security number usually fetches a $1, the report said."
In addition to the value of these records to thieves who can reuse and resell them, the Bitglass report states that 68% of data breaches occurred when devices were lost of stolen, as opposed to the 23% which were accessed in data breaches due to hacking.
This problem centers around a specific need in security to assure that only the true user of the device and the applications on it can access the device. This report specifically speaks to the risk introduced by the device falling into the wrong hands, as opposed to the often cited risks associated with viruses and malware.