Byte of Prevention Blog

by Jay Reeves |

Small Devices Pose Huge Cyber Risks

Pin on Pinterest Share on Google+ Share on LinkedIn

You might not think your copy machine poses a potentially disastrous cybersecurity risk.

But just ask New York health care provider Affinity Health Plan, which sustained financial losses of more than a million dollars following a data breach involving its copiers.

“With so much attention paid to phishing attacks and hacking, ubiquitous technologies are being overlooked,” writes tech expert Jason Tashea in the ABA Journal. [P]hotocopiers, fax machines, smartphones and USB drives create unique security vulnerabilities. For lawyers, overlooking these devices could have serious consequences for attorney-client privilege and create ethics violations.”

The trouble for Affinity started when the lease expired on its photocopiers. The machines were wheeled out of the office and returned to the leasing agent. Out of sight, out of mind, right?

Wrong. The copiers’ hard drives had not been erased before the machines were surrendered and resold. That made the electronic health care information of more than 344,000 people publicly available.

Fax Machines and SmartPhones

In the Affinity case, a purchaser who bought one of the used copiers hit the “print” button and received medical records for nine people, according to CBS News, plus hundreds of pages of driver’s licenses, social security cards, W-2 forms and even a handwritten love note.

When Affinity learned of the debacle, it was required to file a formal breach notification with state and federal regulators. It also had to notify all of its clients and anyone “who might have ever had information on Affinity copy machines, including current and former employees,” reported CBS News. More than 400,000 individuals were notified that their medical or personal data may have been compromised.

In addition, Affinity reached a 2013 settlement with the U.S. Department of Health and Human Services in which it paid more than $1.2 million in civil penalties. The company also agreed to recover the copiers, conduct a comprehensive risk assessment, and come up with a new cybersecurity plan, according to HHS.

“A lot of lawyers aren’t thinking that the copier has a hard drive in it,” says cybersafety attorney Joe Lazzarotti in this ABA Journal article. “These peripheral devices of all kinds present risks that we’re not thinking about.”

Duty of Technology Competence

NC Rule of Professional Conduct 1.1, Comment [8] says: “To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with the technology relevant to the lawyer’s practice, engage in continuing study and education, and comply with all continuing legal education requirements to which the lawyer is subject.”

Here are some other small devices that can present big risks:

  • Smartphone cameras and microphones. Data can be hacked, stolen or re-routed to unknown destinations.
  • Phone applications. Some apps for Android phones record user screens and relay the information back to the company, according to research from Northeastern University in Boston.
  • USB and thumb drives. One cybersecurity expert calls these ministorage devices the digital equivalent of “dirty needles.”
  • Paper shredders. Though there are no set safety standards, the National Security Agency assesses, reviews and rates some security products like shredders and encryption devices.

 

Have you experienced security problems with seemingly innocuous office products?

 

J

About the Author

Jay Reeves

Jay Reeves practiced law in North Carolina and South Carolina. He was Legal Editor at Lawyers Weekly and Risk Manager at Lawyers Mutual. He is the author of The Most Powerful Attorney in the World, a collection of short stories from a law life well-lived, which as the seasons pass becomes less about law and liability and more about loss, love, longing, laughter and life's lasting luminescence.

Read More by Jay >

Related Posts

LM Portal Access your LM Portal for policy information and forms.
Need Insurance? See the difference service can make.
Payment Due? Make an online payment now.
Lawyers Mutual NC Logo

Get In Touch

Lawyers Mutual Insurance Company
1001 Winstead Drive, Suite 285

Cary, NC 27513

919.677.8900
 | 
1.800.662.8843

Fax: 919.677.9641

Latest Alerts

The Corporate Transparency Act: What North Carolina Law Firms Need to Know

Lawyers Mutual has published previous alerts regarding the new filing requirements under the Corporate Transparency Act (“CTA”) that went into effect January 1, 2024. After reviewing additional resources, we want to emphasize concerns that we have about the risks and increased potential liability for lawyers undertaking the reporting requirements. This is especially true for the continuing reporting requirements after entity formation and initial reporting.  

Learn More

eCourts Expansion Announced for 2024

The North Carolina Administrative Office of the Courts (NCAOC) recently announced additional go-live plans for counties transitioning from paper files to Enterprise Justice (Odyssey), which currently serves Harnett, Johnston, Lee, Mecklenburg and Wake counties. Twelve northeastern counties comprising Track 3, as previously announced, will go live on February 5, and 10 counties comprising Track 4 (Alamance, Chatham, Durham, Franklin, Granville, Guilford, Orange, Person, Vance and Warren) will go live on April 29.   

Learn More