The US-CERT (Computer Emergency Response Team) issued a warning in November that USB flash drives have become a popular vector for spreading computer viruses. Much like the floppy disks of yester-year, people carry them around and use them on different computers. Viruses and other malicious software can easily propagate from computer to computer via infected files. Some hackers engineer their malware to spread through USB devices.
The Windows auto-run feature helps spread viruses. It allows programs on CD Roms, USB drives, and other removable media to execute when they are inserted into your computer. Disabling auto-run can give you an extra measure of security. However, there is no substitute for having good anti-virus software on your computer. Some programs like Avast and AVG offer free versions for home users.
It is always a good idea to scan your USB drive for viruses after using it on a non-trusted computer. ClamWin antivirus has a portable version of their software that runs right off a USB drive; it does not have to be installed on a computer. You can use portable antivirus programs like ClamWin to keep your USB drives safe, and even scan other computers.
Losing sensitive information is another risk with USB drives. It is very easy to walk off and leave them plugged into a computer. There have been several cases documented in the news where important government or business information was leaked through lost USB drives.
Fortunately, there are many portable encryption programs you can use to secure the contents of your USB drive. Programs like TrueCrypt allow you to create custom secure vaults. The danger with these programs is that you can lose all of your data if you forget your password.
USB drives are very handy, but be sure you have policies in place at your practice to protect your computer systems against viruses propagated by USB drives. First and foremost, be sure each of your computers have antivirus software installed. Secondly, if you use USB drives at the office, be sure you encrypt any sensitive patient information.