in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Disk Encryption Software: Loma Linda Hospital Reports Computer Theft

Man, coming in to work on Memorial Day is a tough deal.  At least, it's given me time to catch up with data breach and security news.  For example, this blurb that escaped my notice from last week: the theft of a computer from Loma Linda Hospital, with information which I assume was not protected with hard drive encryption software.

More Than 500 Affected, Desktop Computer Stolen

According to pe.com, a desktop computer was stolen from an administrative office.  The computer contained patient names, medical record numbers, diagnoses, surgery dates, and the types of procedures underwent by the patients.  A separate notice on the presence of financial information and SSNs is not mentioned; however, seeing how the computer was stolen from the Department of Surgery, one imagines such information wouldn't necessarily be present.

What Commentators Say

Two comments at the pe.com have arrested my thoughts.

First, guenavere noted how the new "Healtcare bill...states personal information both financial and health will be obtained by the government. I wouldnt be surprised if this is the beginning of it." (all misspelling errors her own).  Okkkkaaaaayyyy.....

All the more reason for using encryption software, like centrally managed encryption, on patient records, then.

Second, a comment by tax payer, asking if password protection was used.  Actually, this also relates to a comment by wkenddadPassword-protection is not really protection.

In fact, under HIPAA, password-protection has been effectively given the status of "not really providing protection."  How else can you explain that only the use of encryption or the destruction of patient data is afforded reprieve from sending notification letters when a breach takes place?

Or the fact that "secure" health information is literally defined as encrypted or destroyed information?

On the Assumption that Encryption Was Not Used

If you follow the "related articles and sites" links below, you'll notice that there is scant information on the breach.  Which might leave you asking, how do you (meaning, me, the author), or can you, assume that an encryption program was not used to protect the contents of the stolen desktop computer?

The answer lies partially on the above HIPAA requirement on notifications: since there was a notification, it can be assumed that encryption was not used.

Furthermore, the state of California--where Loma Linda Hospital is located--also has similar requirements regarding breached medical information.  As I recall, they, too, give safe harbor from reporting requirements if information has been encrypted.

I'm also operating under the assumption that no medical entity would want to burden their patients by raising a false flag--I mean, the use of encryption software like AlertBoot would have nullified any threats possibly arising from this particular theft.

Related Articles and Sites:
http://www.pe.com/localnews/stories/PE_News_Local_D_nb26_information.3353e01.html
http://www.mercurynews.com/news/ci_15165109?nclick_check=1

 
<Previous Next>

Laptop Encryption Software: Cincinnati Children's Hospital Breach Affects 61,000 Records

Data Encryption: School (K-12) Medical Records Are Protected By HIPAA? (Updated)

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.