Is Sensitive Data in Your Image Archive Safe from Cyber-Thieves?

by Kevin Craine | 2/12/15

It happened again last week … another huge, headline-grabbing data breach. The latest victim is Anthem BlueCross BlueShield; hacked by cyber-thieves who gained access to approximately 80 million customer accounts containing sensitive medical information. Several U.S. states are investigating the massive cyberattack on the second largest U.S. health insurer.  Investigators say the breach is being examined for possible ties to China.

Even the Most Secure Archives Are At Risk

The Anthem hack serves as a wake-up call that even the best-protected databases are insufficiently defended. But this is only the latest “wake-up” in a long list of recent warnings that cyber-theft is on the rise. The harbinger of the current cyber-theft trend was the breach of systems at Target, the well-known discount retail chain, just weeks before the 2013 year-end holidays. Cyber-thieves stole personal and financial information from at least 12 million shoppers.

Cyber-Theft on the Rise

More breaches followed. In March 2014, Michaels, the nation’s largest arts and crafts chain, suffered a similar data breach and criminals got away with account information of nearly 3 million customers. At Neiman Marcus, hackers raided information relating to 1.1 million customer accounts. Soon stalwart companies like Yahoo, AT&T, eBay, Google, Home Depot and JP Morgan joined the list. Indeed, data breaches are becoming so common that we’ve all come to expect them every week or so.

Overlooked Information, Overlooked Risk

In any organization there is overlooked information that is never noticed and no one ever thinks about. It includes, among other things, information captured in an “image’ archive or document management repository. This information can represent a treasure trove of opportunity for computer hackers who are looking to steal sensitive and private data. Things like social security numbers, financial and medical account details, addresses and phone numbers, are all found on document images in your archive and that information can translate into great prospect and profit for cyber-thieves.

Automatic Redaction

With cyber-theft an ever-growing risk, organizations must design and adopt ever more advanced threat protection solutions and strategies that leverage new technologies and approaches. One way to do that is through automatic redaction. Advanced capture systems have field level redaction capability that covers up certain types of content before it is entered into an archive. Some go a step further with the ability to perform a look-back analysis that recaptures and redacts sensitive data that has been overlooked and could result in increased exposure and risk. These automatic redaction capabilities enable more comprehensive privacy and data security strategies that boost information governance overall.

How do you know what you don’t know? 

Not every bit of information contained on every document needs to be imaged and archived. For example, you may want to capture and identify a social security number on a contract or authorization form, but once that information is entered into a line of business system it may not make sense to store it an image repository. Indeed, the social security number may have no remaining value in terms of archive, but it certainly will present a significant risk if a security breach should occur. And a 20-year-old image archive may indeed be a tempting target for hackers. Automatic redaction is therefore an important capability because it gives organizations the tools and the ability to effectively address and manage the risk of handwritten data, and implement thoughtful strategies to protect that information from data breaches and cyber-attack.

Moving Forward

Organizations can no longer afford to overlook the risk of sensitive data housed in an image archive, especially as demands for improved information governance increase. Look for solutions that automate the redaction process, both going into the archive and when documents are retrieved. Look for providers and partners that provide the right mix of experience, vision, and advanced capabilities that leverage the full value of technology to battle cyber-theft.

Guest contributor Kevin Craine is the author of the book Designing a Document Strategy and host of the Document Strategy Podcast. He is the managing director of Craine Communications Group. For more information visit CraineGroup.com.