Your Healthcare Nonprofit, Data Breach, and Mobile

The Case of the Missing Laptop

According to Redspin, a healthcare IT security firm, the most common cause of private health information (PHI) data breaches is the loss or theft of a laptop or other mobile computing device (35% vs. 22.1% by ‘unauthorized access’).

The Redspin report released in February of 2014 voices concerns that one of the biggest culprits of future breaches will be employee negligence:

The proliferation of mobile devices – whether employee issued or personally owned (BYOD: bring your own device) – will exacerbate this problem. We expect employee negligence alone to continue to drive the PHI breach statistics even higher over the near term. (p. 5)

In our office, so far, and through a verbal survey of a couple of our insurance providers, we’ve found this fact to bear out. Hacking happens. Firewalls are breached. But more often…

…phones are left at restaurant tables. Laptops are left on backseats of cars, in plain view. Tablet computers get shoved into backpacks which get left at a friend’s apartment. The backpack then mysteriously disappears.

Proper Education and Encryption

In light of these facts, it’s important that all nonprofits (especially mental health and other healthcare nonprofits) educate their employees about properly caring for their devices. Managers should wear down their employees with reminders about being careful with mobile electronics that carry data. Managers should be almost annoying about it, like a parent reminding a child to say ‘thank you’ 13 times a day.

Further (and admittedly, I’m out of my depth here as far as specific recommendations), organizations should research and implement encryption protocols.

What Are You Doing?

What are you doing to protect your nonprofit’s data?

Employee records, donor records, and client records are all at stake.

While insurance is an option for these exposures, it’s vitally important to start implementing preventative risk management.


I’d love to hear your thoughts in the comments: what is your nonprofit doing to prevent or mitigate a data breach incident?

Go check out Redspin’s white paper: BREACH REPORT 2013: Protected Health Information (PHI)


Insurance is for things we can’t predict:

  1. The weather
  2. People
  3. Our health
  4. The legal climate

Storms, dumb decisions (or interpersonal conflicts that squeeze out the worst in us), the random disease that no one saw coming, or a jury of our peers or some new statute (which, I suppose, goes back to the unpredictability of people).

Various types of insurance are intended to address these unpredictable parts of life.

Neither you nor I can prepare for or predict every possible thing that might happen.

We do our best to manage as much risk as possible and then we try to find the best and strongest net to put under it all.

What are the things that are most unpredictable in your nonprofit or business?

What are you doing to manage that unpredictability? What best practices, risk management, or insurance do you have in place to address those things?
