ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Local Encryption ... Why Not?

    IT Discussion
    15
    357
    174.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller
      last edited by

      Very odd. Although I suppose this helps to highlight that if you go to print, you are exposing things. Printing isn't secure - not from the network side nor the paper side. If you are forced to download a PDF, I guess it would help to remind users that they are doing something inherently insecure.

      But why would it do this rather than printing directly?

      DashrenderD BRRABillB 2 Replies Last reply Reply Quote 0
      • DashrenderD
        Dashrender @scottalanmiller
        last edited by

        @scottalanmiller said:

        But why would it do this rather than printing directly?

        Did you post this while I was editing my previous post?

        1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller
          last edited by

          Yes

          1 Reply Last reply Reply Quote 0
          • DashrenderD
            Dashrender
            last edited by

            What do you think of the possible reasons I posted?

            1 Reply Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller
              last edited by

              That seems to make sense. By going to PDF you know that you will be able to get an exact copy rather than something "close-ish."

              1 Reply Last reply Reply Quote 0
              • BRRABillB
                BRRABill @scottalanmiller
                last edited by

                @scottalanmiller said:

                Very odd. Although I suppose this helps to highlight that if you go to print, you are exposing things. Printing isn't secure - not from the network side nor the paper side. If you are forced to download a PDF, I guess it would help to remind users that they are doing something inherently insecure.

                But why would it do this rather than printing directly?

                Printing can be secure.

                Our copier is HIPAA compliant.

                You could also just hang a personal laser printer off the box you want to be secure.

                My point is that who knows what files these secure browsers are putting on your machine.

                When I am going across some crazy border as a spy, I want to be sure. (NOTE: I have barely ever left the US.)

                DashrenderD 1 Reply Last reply Reply Quote 0
                • DashrenderD
                  Dashrender @BRRABill
                  last edited by

                  @BRRABill said:

                  @scottalanmiller said:

                  Very odd. Although I suppose this helps to highlight that if you go to print, you are exposing things. Printing isn't secure - not from the network side nor the paper side. If you are forced to download a PDF, I guess it would help to remind users that they are doing something inherently insecure.

                  But why would it do this rather than printing directly?

                  Printing can be secure.

                  Our copier is HIPAA compliant.

                  You could also just hang a personal laser printer off the box you want to be secure.

                  My point is that who knows what files these secure browsers are putting on your machine.

                  When I am going across some crazy border as a spy, I want to be sure. (NOTE: I have barely ever left the US.)

                  I have no idea what you're talking about crossing borders...

                  But Scott's point is still valid. Once you print the paper the information is no longer secure. it can go anywhere, everywhere with no tracking.

                  How is your copier HIPPA compliant? Because the drive is encrypted and requires a username/password to get into the drive? Sure that makes it HIPPA compliant, but does not make it secure. If this was a high value target, someone could install a tap on the network connection and probably capture the prints in transit. I'm not aware of any printer that has a driver that uses SSL, though I'm sure there are some out there today.

                  BRRABillB 3 Replies Last reply Reply Quote 0
                  • BRRABillB
                    BRRABill @Dashrender
                    last edited by

                    @Dashrender said:

                    I have no idea what you're talking about crossing borders...

                    Was an IT joke. Poor one, perhaps.

                    Like if I was a spy.

                    1 Reply Last reply Reply Quote 0
                    • BRRABillB
                      BRRABill @Dashrender
                      last edited by

                      @Dashrender said:

                      But Scott's point is still valid. Once you print the paper the information is no longer secure. it can go anywhere, everywhere with no tracking.

                      Not really. It is still trackable, and considered secure in the US Mail since it is a federal violation to tamper with that.

                      DashrenderD scottalanmillerS 2 Replies Last reply Reply Quote 0
                      • BRRABillB
                        BRRABill @Dashrender
                        last edited by

                        @Dashrender said:

                        How is your copier HIPPA compliant? Because the drive is encrypted and requires a username/password to get into the drive? Sure that makes it HIPPA compliant, but does not make it secure. If this was a high value target, someone could install a tap on the network connection and probably capture the prints in transit. I'm not aware of any printer that has a driver that uses SSL, though I'm sure there are some out there today.

                        Here is a link to the brand we have.

                        https://www.konicaminolta.eu/fileadmin/content/eu/Business_Solutions/Products/Security/PDF/SECURITY_WHITEPAPER.pdf

                        Though I am pretty sure if your network is secured, encryption to the copier is not a big deal. It more the hard drive in case it gets traded back in, as in the 1.7 million dollar fine I mentioned earlier for leaving PHI on copiers.

                        scottalanmillerS 1 Reply Last reply Reply Quote 0
                        • DashrenderD
                          Dashrender @BRRABill
                          last edited by

                          @BRRABill said:

                          @Dashrender said:

                          But Scott's point is still valid. Once you print the paper the information is no longer secure. it can go anywhere, everywhere with no tracking.

                          Not really. It is still trackable, and considered secure in the US Mail since it is a federal violation to tamper with that.

                          what if you don't put it in an envelope? What if you just take it home? what if you make a copy of it? once you have that printout.. you can do anything you want with it.

                          BRRABillB DashrenderD 2 Replies Last reply Reply Quote 0
                          • BRRABillB
                            BRRABill @Dashrender
                            last edited by

                            @Dashrender said:

                            what if you don't put it in an envelope? What if you just take it home? what if you make a copy of it? once you have that printout.. you can do anything you want with it.

                            If it is paper with PHI, it still has to be protected.

                            For example, we have questionnaires where the respondent MIGHT put their name on. SO we have to log it into our building, and secure it in a locked cabinet in a locked room.

                            Just because it is paper doesn't mean you can lose track of it.

                            DashrenderD 1 Reply Last reply Reply Quote 0
                            • DashrenderD
                              Dashrender @Dashrender
                              last edited by

                              @Dashrender said:

                              @BRRABill said:

                              @Dashrender said:

                              But Scott's point is still valid. Once you print the paper the information is no longer secure. it can go anywhere, everywhere with no tracking.

                              Not really. It is still trackable, and considered secure in the US Mail since it is a federal violation to tamper with that.

                              what if you don't put it in an envelope? What if you just take it home? what if you make a copy of it? once you have that printout.. you can do anything you want with it.

                              Does this mean we can't use it? Of course not, we have to believe that our staff is trustworthy, or we have to get rid of them. Scott's main point, at least as I saw it, was to simply make you aware of this situation, not to make you worried about it.

                              1 Reply Last reply Reply Quote 0
                              • DashrenderD
                                Dashrender @BRRABill
                                last edited by

                                @BRRABill said:

                                @Dashrender said:

                                what if you don't put it in an envelope? What if you just take it home? what if you make a copy of it? once you have that printout.. you can do anything you want with it.

                                If it is paper with PHI, it still has to be protected.

                                For example, we have questionnaires where the respondent MIGHT put their name on. SO we have to log it into our building, and secure it in a locked cabinet in a locked room.

                                Just because it is paper doesn't mean you can lose track of it.

                                You're kidding right? not lose track? We (and all of the hospitals we are part of) print countless things from EHRs, etc. Those prints never flow through any kind of tracking. 99% of the time they are printed, read and then simply put into a shred bin. Nothing stops someone from just taking things out of that bin and taking it home..

                                BRRABillB 1 Reply Last reply Reply Quote 0
                                • BRRABillB
                                  BRRABill @Dashrender
                                  last edited by

                                  @Dashrender said:

                                  You're kidding right? not lose track? We (and all of the hospitals we are part of) print countless things from EHRs, etc. Those prints never flow through any kind of tracking. 99% of the time they are printed, read and then simply put into a shred bin. Nothing stops someone from just taking things out of that bin and taking it home..

                                  No, I'm not kidding. Not from my understanding of HIPAA.

                                  Maybe not tracking, but you can't just print a bunch of stuff and then leave it wherever. There has to be aprocess from the printing through the proper disposal, which yes includes very fine shredding.

                                  scottalanmillerS 1 Reply Last reply Reply Quote 0
                                  • scottalanmillerS
                                    scottalanmiller @BRRABill
                                    last edited by

                                    @BRRABill said:

                                    @Dashrender said:

                                    But Scott's point is still valid. Once you print the paper the information is no longer secure. it can go anywhere, everywhere with no tracking.

                                    Not really. It is still trackable, and considered secure in the US Mail since it is a federal violation to tamper with that.

                                    It's also a federal crime to socially engineer someone to get access to their computers. Or to just hack in at all. But I don't think that holds up for not securing the data.

                                    BRRABillB 1 Reply Last reply Reply Quote 0
                                    • scottalanmillerS
                                      scottalanmiller @BRRABill
                                      last edited by

                                      @BRRABill said:

                                      @Dashrender said:

                                      How is your copier HIPPA compliant? Because the drive is encrypted and requires a username/password to get into the drive? Sure that makes it HIPPA compliant, but does not make it secure. If this was a high value target, someone could install a tap on the network connection and probably capture the prints in transit. I'm not aware of any printer that has a driver that uses SSL, though I'm sure there are some out there today.

                                      Here is a link to the brand we have.

                                      https://www.konicaminolta.eu/fileadmin/content/eu/Business_Solutions/Products/Security/PDF/SECURITY_WHITEPAPER.pdf

                                      Though I am pretty sure if your network is secured, encryption to the copier is not a big deal. It more the hard drive in case it gets traded back in, as in the 1.7 million dollar fine I mentioned earlier for leaving PHI on copiers.

                                      We could say all of that about desktops, laptops, etc. I'd generally agree with you. But only insofar as a printer would need any and all protection that a laptop would. If you feel a laptop would need to be encrypted, then a printer surely would since it would generally have many fewer protections and be way easier to steal in most cases.

                                      1 Reply Last reply Reply Quote 0
                                      • scottalanmillerS
                                        scottalanmiller @BRRABill
                                        last edited by

                                        @BRRABill said:

                                        @Dashrender said:

                                        You're kidding right? not lose track? We (and all of the hospitals we are part of) print countless things from EHRs, etc. Those prints never flow through any kind of tracking. 99% of the time they are printed, read and then simply put into a shred bin. Nothing stops someone from just taking things out of that bin and taking it home..

                                        No, I'm not kidding. Not from my understanding of HIPAA.

                                        Maybe not tracking, but you can't just print a bunch of stuff and then leave it wherever. There has to be aprocess from the printing through the proper disposal, which yes includes very fine shredding.

                                        Actually the shredding doesn't have to be fine or even destroy the data, sadly. Once you "moderately mangle it" it's considered enough effort. One of my big complaints about HIPAA, it's a scam and does nothing to protect against data leakage.

                                        BRRABillB 1 Reply Last reply Reply Quote 0
                                        • BRRABillB
                                          BRRABill @scottalanmiller
                                          last edited by

                                          @scottalanmiller said:

                                          It's also a federal crime to socially engineer someone to get access to their computers. Or to just hack in at all. But I don't think that holds up for not securing the data.

                                          A majority of these breaches happen with theft and loss.

                                          HIPAA is all about reasonable protection, as you know. Dropping mail into a USPS box is a reasonable way of securing that data.

                                          Again, if you were sending top secret documents, you wouldn't do that. However, that is not what HIPAA is all about.

                                          scottalanmillerS 2 Replies Last reply Reply Quote 0
                                          • BRRABillB
                                            BRRABill @scottalanmiller
                                            last edited by

                                            @scottalanmiller said:

                                            Actually the shredding doesn't have to be fine or even destroy the data, sadly. Once you "moderately mangle it" it's considered enough effort. One of my big complaints about HIPAA, it's a scam and does nothing to protect against data leakage.

                                            By fine I meant cross-cut. It can't be "easily put back together" in any way.

                                            I agree. Total scam.

                                            Healthcare companies that have actual important data to protect, yet aren't under the HIPAA umbrella I have found generally have WAAAAAAAAAAAAAY better security.

                                            scottalanmillerS 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 12
                                            • 13
                                            • 14
                                            • 15
                                            • 16
                                            • 17
                                            • 18
                                            • 14 / 18
                                            • First post
                                              Last post