The Iowa Capital Dispatch reports that the Iowa Department of Human Services (DHS) is unable to decrypt approximately 432,000 emails encrypted by Virtru that its employees sent in 2017 and 2018.
This is a potentially serious issue, as some of the emails contain information that could be important in child abuse investigations and other legal cases.
According to the Iowa Capital Dispatch, the Iowa DHS stopped using Google Workspace for its email switched to Microsoft Outlook in June 2018. In 2017, while it was using Google Workspace, DHS encrypted its email messages using Virtru software. After the June 2018 switch, DHS discontinued its business relationship with Virtru.
Virtru users are given private codes, or keys, that automatically encrypt emails that contain specific words related to “confidential matters,” the Iowa Capital Dispatch reports. Apparently Virtru’s encryption keys either expired or stopped working at some point after DHS made the switch to Outlook and ended its relationship with the company.
What are the next steps?
Iowa DHS has been working with computer techs to try to decrypt the emails in question. As of this writing, only about 10% of the emails have been decrypted, and less than half of the decrypted emails are error-free. DHS officials have not commented on whether further decryptions are possible.
How does this situation impact Iowans?
The Iowa Capital Dispatch asked Roxanne Conlin, one of Iowa’s best-known attorneys, about the impact of the email decryption situation on current and future child abuse cases. Conlin stated that losing access to the emails in question would negatively impact current and future investigations.
However, Iowa DHS spokesperson Alex Carfrae told the Iowa Capital Dispatch that Iowa’s child welfare cases will not be affected by the inability to read the encrypted emails because the case records are maintained elsewhere. Nevertheless, with over 430,000 emails unable to be opened, some important data has been lost.
How can healthcare providers ensure continued access to encrypted emails?
Healthcare providers need to be able to access emails in order to assist patients as well as comply with subpoenas and other legal requests for information. Covered entities and their business associates must also follow HIPAA rules for safeguarding protected health information (PHI), including encrypting emails containing PHI.
Paubox Email Suite seamlessly encrypts all your emails so that your staff can conduct business as usual without having to use a decryption code or change email providers. Email recipients can read email messages without having to take extra steps, such as logging into a portal or using a smartphone app, to access their emails.
Paubox Email Suite ensures that your emails are HIPAA compliant without forcing your employees or your email recipients to do extra work.
Even better, Paubox is compatible with Microsoft 365, Google Workspace, and other popular email providers. If you decide to switch email providers, it is easy to reconfigure Paubox so that it will run on your new platform—without causing you to lose access to your emails.