Perils of USB

The Universal Serial Bus – commonly called USB – standard was developed in the 1990s in an effort to make it easier to connect peripherals to a personal computer.  One of the most widely used USB devices is the portable flash memory device, commonly called a “thumb-drive” or “USB drive.”  USB drives have become the ubiquitous “offline” method of sharing data – with roughly eighty (80) million sold each year.

Now, 20 years after the genesis of the USB drive, we are starting to identify some very major concerns about this method of data storage and sharing.  Most notably, recent news reports have documented the very serious risk of malware which can take advantage of USB drive firmware to spread easily via the common practice of sharing USB drives.

Aside from the very real threat of USB drive malware, another concern exists in the realm of health information.  According to data collected by the Privacy Rights Clearinghouse – there have been 11 reported instances of lost or stolen USB drives containing protected health information (PHI).  These 11 instances could have potentially exposed the PHI of nearly 30,000 patients.  Very often, data saved on USB drives is unencrypted – which, if the drive is lost, can often lead to serious governmental fines.

Simply put, USB drives represent a very real threat to healthcare providers.  They are not a safe way for providers to store or transfer data.  But why is data being put on USB drives?  Very often, this is done as a way to facilitate the necessary exchange of information with contractors or consultants.  Additionally, many practicing physicians store such sensitive data for their research endeavors.

In this day and age, better tools for physicians and researchers to share or examine data are available.  One such tool is the NotesFirst app and cloud portal.  Importantly, tools like NotesFirst, which are encrypted, provide a safe environment the exchanges of such data to.

N. Nedim Halicioglu is an experienced healthcare lawyer specializing in the analysis of medical privacy concerns, startup companies and general civil litigation. He is a consultant and advisor to NotesFirst, Inc, and sits on their Board of Directors