in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

NIH Loses Laptop Computer Lacking Hard Disk Encryption

The National Institute of Health has reported that a laptop with patients’ data has been stolen.  The theft took place about a month ago, but the incident was not made public until today.  Approximately 2500 patients may be affected by the latest data security breach, since the laptop in question did not feature full disk encryption.

 

The information in the laptop included names, medical diagnoses, and details of the patients’ hearts.  Information that would be readily useful to identity thieves—such as Social Security numbers, phone numbers, addresses, and financial information—were not included.  (Question: why would financial information be collected for a heart study?)  Regardless, the incident is being considered very seriously because it represents a violation of the government’s data protection policy and a violation of patients’ privacy.

 

The latter is self‑explanatory.  Doctor‑patient confidentiality exists for many reasons, including incentives for patients to give honest and accurate description of symptoms.  The former, too, is self‑explanatory: things get stolen or lost.  And when laptop computers get lost or stolen, numerous people may be affected, in the range of, say, oh, I don’t know, approximately twenty‑five hundred people.

 

The washingtonpost.com has a write‑up of this case, and it’s quite an interesting read because, if anything, it gives you a view into how that particular bureaucracy works (there is a reason why it took so long to report the theft to the public).  In summary, the now‑missing laptop was to be encrypted, but the process failed for some reason.  The person using the laptop failed to do a follow up on this matter and the computer subsequently got stolen from his car’s trunk.

 

In some ways, I wish we were dealing with brain researchers so I could make a crack about laptop encryption not being brain surgery.  Alas, it is not to be.

 

I think there are two people to blame for this information security breach.  Or rather, there is someone to blame in addition to the heart researcher who was using the laptop.  Clearly, a large part of the blame falls on the researcher himself.  He knew his laptop was not encrypted.  He was also in a better position to know what kind of data could be found on his laptop, and the potential ramifications if it were to be stolen.

 

However, it’s also true that there should have been some form of oversight, i.e., auditing and correcting any shortcomings.  For example, with an encryption solution like AlertBoot, not only do you get an easy and centrally managed whole disk encryption system, you get a superior reporting engine, allowing you to easily perform audits on the state of the computers’ encryption and ensure nothing fell through the cracks.  It stands to reason that someone other than the laptop owner would be in charge of running such reports.  In the case of the NIH, it looks like this person fell asleep at the wheel.

 
<Previous Next>

Agilent Surprised Full Disk Encryption Lacking On Stolen Laptop Computer

NIH Loses Laptop Computer Without Hard Disk Encryption: Some Thoughts

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.