Stolen laptop puts 12,500 patients’ data at risk

March 8th, 2010 by Agent Smith (0) DLP, Data Theft & Loss, In the News, security breach

Shands HealthCare has recently notified about 12,500 of its patients that their private medical data was stolen in January, along with the laptop that contained the personal details. As almost always happens in the case of hardware storing sensitive records, the laptop wasn’t encrypted in any way.

The stolen info contains names, addresses, medical record numbers and medical procedure codes of the patients, as well as the Social Security numbers of about 650 people. Luckily, up to now, there is no evidence of any misuse of the data, and we should keep hoping that the thief or thieves just needed the notebook to sell it or for personal use…

At least some measures have been taken: training for the employees and a system-wide encryption policy to prevent such data breaches in the future. And of course, there’s protection for those affected, who are eligible for 12 months of free credit monitoring.

Let’s hope the new system works, as according to Gainesville.com, security breaches involving large amounts of patient data being exposed are somewhat of a recurring habit at Shands.

Self-encrypting laptop from Dell

November 13th, 2008 by Agent Smith (0) DLP, Data Encryption, endpoint security

One of the most common causes of security breaches is stolen hardware. And I’m sure you’ve all heard of the thousands and thousands of laptops stolen in airports, from parking lots and other public places. And as most companies fail to implement a comprehensive endpoint security solution, a stolen laptop means trouble. For the end users, a laptop sometimes stores most of their documents, personal and business, memories from trips and other important events and everything that is private and dear to them. Picturing everything lost to a stranger’s hands is hard to cope with.

Dell states there’s a new way to prevent such bad things from happening: a self-encrypting laptop. Your data is still lost, but at least no one can access it. The drives with self-encryption features are produced by Seagate and embedded in the new Dell product. And apparently, the Seagate hardware will soon be shipped by IBM and LSI as well. Let’s hope no one breaks the encryption system!

Stay Clear of Computer Threats on Vacation and Business Trips

And how exactly can you do that? CoSoSys has just released version 3.0 of Carry it Easy +Plus, which focuses on increased security for USB flash drive users who access their data on public PCs, such as those in internet cafés or hotel business centers.

Carry it Easy +Plus 3.0 has a whole range of features on display that are great for road warriors or the luckier ones of us who are vacationing: Website Password Manager, PC-Screen Lock, 128-bit AES data encryption, Outlook e-mail, contact and calendar sync, File & Folder Sync, No Trace Internet Browsing and much more.

So why do you need such tight security? The official release explains it:

When vacationing or travelling for business, the simplest technology-bound actions on your daily routine can expose you to real threats. Accessing your webmail account in an Internet café or on a different public PC you might run across in hotel business lounges or in airports exposes you to having your login credentials stolen by keyloggers or other malicious applications. The same can happen when plugging in your notebook in an unsecured network.

With the new SafeLogin feature in Carry it Easy +Plus as your password manager, all your website login credentials are stored securely in encrypted format on your portable storage device and automatically entered on any PC without the use of a keyboard. This feature does not only make logging in secure but also more convenient.

US Federal Agencies Welcome Data Theft

After 15 months of investigation into 24 major US federal agencies, the Government Accountability Office (GAO) has released a report showing that key US Departments still don’t take data security seriously. Given the list of breaches we’ve been covering affecting everyone from colleges and hospitals to the US Army, I’d say it’s high time they started!

According to the report quoted by Vnunet.com, around 70 percent of laptops and handhelds used by the agencies failed to comply with Office of Management and Budget (OMB) rules and didn’t use encryption, making the data available to anyone intending to steal it. The OMB rules are not even close to being new, as they decided all federal laptops should be encrypted back in 2007.

“We are recommending that OMB clarify governmentwide encryption policy to address agency efforts to plan for and implement encryption technologies,” said the report.

“We are also making recommendations to selected agencies to properly install and configure FIPS-compliant encryption technologies, to develop policies and procedures to manage encryption, and to provide encryption training to personnel.”

Other practices of extremely low levels of security (or should we say non-existent security) include NASA employees refusing to deploy encryption software on their laptops and members of the Department of Education who weren’t told encryption software was installed, so they of course weren’t using it. From what I know, if they’re using Windows, whenever a new program is installed, you have a quite nagging message in your Startup Menu. How patient must one be to simply ignore it over and over again :)

Laptop with Patient Data Stolen from NHS Hospital

February 24th, 2008 by Agent Smith (0) Data Theft & Loss, In the News

An NHS hospital in Dudley reported the theft of a laptop containing the personal information of over 5,000 patients. Although the theft in question happened in January, word of it got out only later, when the Dudley Group of Hospitals notified all affected patients.

According to an article published by Vnunet.com, the laptop was properly secured, requiring a password to log in and a different one for the actual database containing patient personal details. The article further shows that the NHS blames the large number of people going in and out of a public hospital for the theft, claiming that security is a major concern. The company has spent quite some money on data encryption, but apparently they should have tried to complete the process sooner:

“We take precautions to try to protect all the IT equipment in our hospitals from theft, but given that this is a public building with thousands of people accessing it every day, there are inevitably practical difficulties around security.”

Farenden said that the trust is in the process of rolling out encryption technology, following a £135,000 spend on data security. However, the laptop in question had not been upgraded before it was stolen.