…when people see a random USB drive just lying on the ground, it’s a perplexing dilemma. Should you pick it up? Take a look at the data you find on it, and maybe try to return it to its owner? What about malware, is there a security risk? Regardless of what goes through people’s minds when they face this situation, a new study has found that discarded USB drives lying around in public will definitely not go unnoticed.
Plugging in a USB stick you found lying on the pavement in a parking lot opens you up to malware. It is possible the stick is infected and left as a type of digital Trojan Horse, however the chances of this happening are actually quite small. Just the economics is limiting. The cost of buying, loading and distributing sticks is much higher for the cyber criminal than using bots to search for vulnerabilities, or sending out millions of bogus e-mails.
Most of the people in the study claimed they opened the found stick hoping to identify the owner and return it.
What if the stick contained a backup of your patient data base? 12% of reported medical / dental data breaches are from lost devices. HIPAA rules require you, the dentist, report yourself if you lose a device with data on it. Would you be grateful if someone opened it, found it was yours and returned it? Of course you would. However would that mean you no longer had a reportable incident?
Yes you would. Even if there was zero evidence the data was accessed or used in a malicious manner. The rules consider it a breach if it is possible that someone could use the data not if they actually do use it.