in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Encryption Software For Subcontractors? South Shore Hospital Update

A small update to the South Shore Hospital data breach: the company which South Shore contracted to destroy 800,000 computer records had in turn outsourced the job to a third party.  So far, it hasn't been clarified what type of data protection, if any, existed--although I'm still hoping to hear that something along the lines of drive encryption like AlertBoot was used.

Third Party Breach, First Party Negligence?

I've already covered the South Shore breach here.  In light of the revelation of the subcontracting, I wonder: who's at fault here?

The unnamed subcontractor didn't technically lose the information.  The claim is that they received a partial shipment, so technically it's not their fault.  How can you blame the receiving party, unless they had sent someone to fetch the...whatever it is that was supposed to be delivered (backup tapes?  CDs?  Hard drives?  Etch-a-Sketches?  It still hasn't been revealed.)

Then, you've got the original contractor in the middle who probably sent the records.  Did they, too, receive only a partial shipment?  Are they to blame?  Why didn't they do the job of destroying the records themselves?  The usual answer is, of course, because they could get someone else to do it for them for less.  Technically, the breach could have been avoided if the contractor hadn't outsourced the work (but, this is in hindsight and applies to this case only).

Should a courier company be blamed, the one that was employed (I'm assuming one was used) by the contractor?

And finally, we have South Shore Hospital.  Perhaps it should be blamed for the breach.  After all, they were the ones that handed the records to the contractor, presumably without using encryption software to safeguard the information (otherwise, we really wouldn't be hearing about this issue).

The more parties that are involved, the harder data security becomes.  So does pinning the blame.  Assigning responsibility, however, is easy (although not always fair): In this case, it's South Shore Hospital that's responsible.  That's why their name is listed at the "HHS 500 or more records affected" site.


Related Articles and Sites:
http://www.bostonherald.com/business/healthcare/view.bg?articleid=1270526

 
<Previous Next>

Drive Encryption Software: Cooper University Hospital Loses Thumb Drive

Laptop Encryption Software: Reports Shows Half Of All Breaches Comes From Missing Laptops

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.