Sutter Health – Latest Data Breach Victim Could Have Been Saved by a Virtual Desktop

November 22nd, 2011

Lately there seems to be a torrent of data breaches by companies who have “lost”, “misplaced” or “left unprotected” what was assumed by trusting patrons, patients, student, or citizens, to be secure data.  This has been most pronounced in the healthcare industry.  The latest victim: Sutter East Bay Medical Foundation in Albany California.  Just this past Wednesday, Sutter Health reported that “a desktop containing data for 4.24 million patients was stolen from its headquarters in Sacramento.  The stolen computer had no encryption software and contained names, addresses, dates of birth, phone numbers, email addresses, medical diagnoses, procedures, record numbers and health insurers information.  Yes, that was 4.24 MILLION patient records from two hospitals and 19 medical facilities.

I think you can imagine the PR mess, legal backlash and costs Sutter Health will be scrambling to address as they notifying millions that their data is unaccounted for; in whose hands? No one knows.  This is exactly the type of data that hackers and thieves utilize for phishing schemes to obtain bank account information and social security numbers.  In this digital era where our lives are played out online, we’ve almost become numb to data breaches and stolen data.  No longer is the question if this could happen, but what can we do to prevent it?  Therefore, it’s shocking to see that despite the money being spent on data security, there seems to be a serious hole in IT’s ability to securely close the loop hole on stolen devices and data loss from the end point.

TheInfoPro (a division of the analyst and data company The 451 Group) recently released their Bi-Annual Study of the Global 2000, reporting a 39% increase in security spending in 2011 over 2010 with high profile breaches and mobile devices being the key spending drivers.  That increase is projected to carry through into 2012.   So, where will all that money be spent?  No doubt in a variety of areas including anti-virus, application-aware firewalls, penetration testing and encryption.  But, what about securing the device itself?  Most organizations will try to tackle end point security by attempting to lock down the environment and devices their users can use to access corporate data. Unfortunately, Consumerization of IT has changed this game. No longer can IT expect users are just using the one locked down device

There is a different approach to consider when looking at your end point security.  Stolen laptops do not have to equate with PR nightmares, data breaches, and loss of corporate valuation. Enter – Virtual Desktop Infrastructure (VDI) and Desktops as a Service (DaaS).  With a hosted virtual desktop, there’s no fear of stolen devices releasing sensitive data into the great unknown because the end point (i.e. laptop) is just that, an end point.  No data lives on the device, instead the device is merely delivering the corporate desktop within a secure window.  No data is exchanged between the corporate desktop and the end-point (be it laptop, mobile device, iPad, PC, etc.,), and a two factor authentication between the end-point and virtual desktop provides a solid and secure barrier from hacker access, untrusted devices accessing the corporate network, and the inevitable lost / stolen device scenarios.  The only communications between the end point device and the data center are keystrokes and mouse data in one direction and screen updates in the other - and these are encrypted with the strongest levels of encryption.  In fact, with a hosted desktop, there’s even the option for a fully network-segregated solution within your own “tenant” and the option to host in your own data center if you prefer, thereby making all of the corporate security features inherited within your firewall, active directory, controls, etc.

The list of enhanced security features delivered with hosted virtual desktops is extensive:

-Data kept secure from laptop/device theft or loss

-Intellectual Property (IP) secure when third party or offshore teams are leveraged

-Secure access from insecure networks

-Data Secure from “thumb drive” theft

-PC remains inside corporate network

-Supports two factor authentication

-Ability to lock out email and internet

Sutter Health recently expressed regret for the breach ensuring a breach like this will never happen again, but really, with data on end point devices, how can anyone be so assuring?  We’d love to chat with Sutter Health CEO, Patrick Fry about DaaS and how he can truly ensure patients that their data will never again be accessible as a result of theft or loss.  Patrick we offer you the DaaS challenge, and promise you secure data, call us!

View More Blogs

Posted by David Grant

Blog author photo
As Sr. Director, Product Marketing and Product Management for DaaS at VMware [formerly Desktone], David directs VMware's DaaS marketing efforts, including product management, product marketing and marketing/corporate communications.
View more blogs

Related Blogs