AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

AlertBoot Endpoint Security

Drive Encryption Software: St Jude Heritage Patient Info Stolen, 22,000 Affected

St. Jude Heritage, in Fullerton, CA, has notified 22,000 patients that their personal data may have been compromised when five laptop computers were stolen.  The information was not protected via full disk encryption software like AlertBoot endpoint security solutions, although password protection was used.

Theft Happened in February, Notifications Sent Last Week

A total of 22 computers were stolen, but only the five mentioned above contained sensitive patient data.

The theft occurred two months ago, but patients are being notified only now because St. Jude had to reconstruct what was on the stolen computers: SSNs, dates of birth, and health-related information such as diagnoses (in some cases only, for the latter).

Credit monitoring and fraud alert services are being offered by St. Jude.

The Problem with Password Protection

Password protection doesn't provide information security.  Earlier this week I noted that the HHS--the organization charged with enforcing HIPAA and patient data security--uses encryption software on all laptops, as well as on desktops that weren't secured physically. (HIPAA Encryption: What Does the HHS Use?)

And there's a reason for that: as a federal agency, they have to comply with a government standard known as FIPS 140-2, which is maintained by the National Institute of Standards and Technology.  According to their guidelines, password protection does not afford data security.

Now, the information that is retained by the HHS is probably not too different from what St. Jude's had.  And yet the HHS declines to use password protection and goes for something much stronger.  What does this tell you about St. Jude's data protection policies?

Encryption Software: California and Federal Laws Afford Safe Harbor

St. Jude took two hits by not using disk encryption programs to protect their data.  The first is the increased risk to patient data.  The second is its inability to take advantage of the safe harbor that the state laws provide.

St. Jude is located in California, and under California law, an entity does not need to make a breach public if the information is protected using encryption.  Furthermore, HIPAA rules, amended by the HITECH Act, also provide the same protection from disclosure.

Needless to say, using encryption kills two birds with one stone, and not taking advantage of such protection is short-sighted.


Related Articles and Sites:
http://abclocal.go.com/kabc/story?section=news/local/orange_county&id=7414662
http://www.ocregister.com/articles/medical-246434-jude-data.html

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.