Study finds thousands of sensitive docs on P2P networks

Data thieves have a new place to go to find a treasure trove of valuable information: peer-to-peer file-sharing networks.

Researchers at Dartmouth College recently conducted a study to see how easy it is to pull sensitive health care info from those P2P networks.

The conclusion: Sensitive info is easy to find.

The researchers scoured those networks and downloaded more than 3,000 files containing insurance details, diagnosis information and personal info that can be used for identity theft.

That means a lot of people are having their health data exposed: One of the downloaded files contained info about 28,000 patients, ComputerWorld reports. Several others had enough info to be classified as a “major breach” under federal law.

How is this info finding its way onto P2P networks? Most often, it’s because an employee installs P2P software such as Limewire or BearShare, usually to download and upload music and video files.

But if the program isn’t properly configured, all the data on the user’s computer could become available to other users on the network. So if the employee’s machine contains sensitive docs, those files are just a click away for anyone who knows how to look for them.

And it isn’t just health data that’s at risk. Earlier this year, the Federal Trade Commission sent a letter to 100 companies warning them that their employees were leaking sensitive data on P2P networks. And in 2009, confidential documents about the design of a government helicopter used to transport White House staff were leaked via a poorly configured file-sharing program.

Overall, 15% of employees admit to using P2P networks at work, according to a survey by the Information Systems Audit and Control Organization.

To keep your company safe from these data leaks, make sure you:

  • Have a written policy banning P2P filesharing at work — even if the applications are configured so they don’t share sensitive documents, connecting to these networks at work is just too risky
  • Monitor your network to detect unauthorized programs, and
  • Use firewalls to block outsiders from entering your network.


  • Patrick Bulteel

    What about user education? As part of induction into a company, users should be given a lesson on P2P software and what things they shouldn’t do. This is regardless of what the company policy is. Not only does this help the user at work, but it helps them at home where corporate information may be accessed (via VPN or now through web applications.)