Data thieves have a new place to go to find a treasure trove of valuable information: peer-to-peer file-sharing networks.
Researchers at Dartmouth College recently conducted a study to see how easy it is to pull sensitive health care info from those P2P networks.
The conclusion: Sensitive info is easy to find.
The researchers scoured those networks and downloaded more than 3,000 files containing insurance details, diagnosis information and personal info that can be used for identity theft.
That means a lot of people are having their health data exposed: One of the downloaded contained info about 28,000 patients, ComputerWorld reports. Several others had enough info to be classified as a “major breach” under federal law.
How is this info finding its way onto P2P networks? Most often, it’s because an employees installs P2P software such as Limewire or BearShare, usually to download and upload music and video files.
But if the program isn’t properly configured, all the data on the user’s computer could become available to other users on the network. So if the employee’s machine contains sensitive docs, those files are just a click away for anyone who knows how to look for them.
And it isn’t just health data that’s at risk. Earlier this year, the Federal Trade Commission sent a letter to 100 companies warning them that their employees were leaking sensitive data on P2P networks. And in 2009, confidential documents about the design of a government helicopter used to transport White House staff were leaked via a poorly configured file-sharing program.
Overall, 15% of employees admit to using P2P networks at work, according to a survey by the Information Systems Audit and Control Organization.
To keep your company safe from these data leaks, make sure you:
- Have a written policy banning P2P filesharing at work — even if the applications are configured so they don’t share sensitive documents, connecting to these networks at work is just too risky
- Are monitoring your network to detect unauthorized programs, and
- Use firewalls to block outsiders from entering your network.