in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

HIPAA Laptop Encryption: NYU Langone Had A Laptop PHI Breach In April

According to phiprivacy.net, NYU Langone Medical Center announced a data breach in June, a little before their July admission to another data breach that affected 8,400 people.  Unlike the latter announcement, though, the June announcement appears to be somewhat outside of NYU's control.  It's a shame that not everyone is getting the story on the importance of medical laptop data encryption, for it's the one solution that would have prevented the data breach.

Laptop Stolen from Employee Car

It's a recurring topic, this story of a laptop with sensitive data being stolen from an employee's car.  According to the NYU press release, the breach announced in June (which actually took place on April 25.  I should note that HIPAA requires notifications within 60 calendar days, and it looks like NYU came very close to the deadline) arose from a vehicle burglary.

In California.  (I don't know whether NYU has a branch out in The Golden State but my guess is that the answer is "no").

And while "the employee promptly filed a police report with the California police department and notified the Medical Center of the incident," it hasn't been explained why the computer was not protected with HIPAA-compliant encryption.  After all, this is not the first time that NYU has had a data breach involving electronic PHI.

At first, I thought it was because the device was a personal one belonging to the employee who instigated the data breach, and thus NYU had limited control over what data it carried: "The use and storage of PHI on unencrypted personal devices is strictly prohibited and against Medical Center policy."  Then I realized that this particular statement could be one that had no bearing whatsoever on the case itself, and that the hospital was just giving a general description of their policies.

The fact that they would have another data breach nearly one month afterwards is certainly a coincidence but one that could very possibly lead the HHS/OCR to closely investigate the situation, as NYU Langone has had more than its fair share of incidents over the past five years.

Related Articles and Sites:
http://www.phiprivacy.net/nyu-langone-medical-center-notified-patients-of-stolen-unencrypted-laptop-containing-patient-information/

 

 
<Previous Next>

UK Laptop Encryption: ICO Warns Barristers And Solicitors To Secure Information

Community Health Systems HIPAA Data Breach Second Largest, Company Has Cyber Insurance

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.