Print and mail service providers may believe hackers aren’t interested in the customer data they use to create and distribute documents. Compared to the data held by financial institutions and healthcare providers, the information they store may seem less valuable and of little interest to identity thieves.
That’s not exactly true.
In a recent case, a medical billing company reported an intrusion that affected 2.6 million patients. Hackers could view patient names, addresses, health insurance information, and sometimes social security numbers. The billing company traced their vulnerability to a third-party software product.
The company successfully detected the breach, secured their systems, and informed their healthcare provider customers, including a large multi-hospital healthcare company. Forensic examiners determined that the intruders downloaded no data from the service provider’s computers. No patients reported any suspicious activity.
In this case, the billing company suffered no severe consequences because of the security breach. The preparations and preventative measures they took, such as securing the data against downloading, probably saved them.
How Prepared Is Your Organization?
Not every print and mail company enjoys the same level of protection as the hacking victim mentioned above. If a criminal gained access to sensitive customer data in your possession, would you be able to respond so quickly and limit the damage? Many times, the answer is no.
Information interesting to thieves can be lost or stolen from print/mail service providers in several ways, including:
· Network servers accessible via the internet or through vulnerable devices
· Lost portable flash drives
· Stolen laptops
· Discarded printed materials
· Unshredded data entry source documents
If a major client, like a 40-hospital healthcare company, entrusts your company with sensitive data, you’ve probably invested in advanced data protection measures. But smaller organizations that may process bills for a few medical clinics or print statements for a credit union may not have the resources to prevent or decrease their exposure.
Start the Year by Reviewing
Take time at the beginning of the year to assess your processes and procedures regarding customer data. Reinforce employee policies about connecting personal devices to your network. Review data transmission protocols and storage procedures and verify the staff is following them. Consider implementing data encryption capabilities.
Print and mail service providers may never be primary targets for identity thieves. Healthcare providers and insurance companies are more likely to be hacking victims because of the richness of their stored information. But criminals might see your organization as a weak link. They might test your systems to see whether they hold information that can help them carry out crimes against other entities. Should hackers be successful, their efforts could impact your business.
If your company is implicated in a privacy breach, you will probably need to make investments of time and money to:
· Investigate the incident
· Make immediate improvements to prevent further intrusions
· Document your privacy protection procedures
· Restore customer trust
· Take remedial actions such as rerunning jobs or paying for credit monitoring
· Initiate formal employee training
No one can guarantee they can keep determined criminals from accessing the data they use to create customer documents. Hackers get more sophisticated all the time. Mistakes can happen too. Operational errors such as mismatching envelope contents can occur (but are usually catchable). But taking reasonable steps now can minimize your exposure and lessen negative impacts from privacy incidents should they occur.
Mike Porter at Print/Mail Consultants helps document operations build and implement strategies for future growth and competitiveness. Learn more about his services at www.printmailconsultants.com. Follow @PMCmike on Twitter, or send him a connection request on LinkedIn.