Some of you might remember a case from almost 2 years ago where unencrypted computer disks and tapes containing the information of patients, close to 350,000 of them, was stolen from the backseat of a car.

Well, it looks like the saga continues.  The IT worker who blew the whistle on this particular data breach was fired two months after the incident, and he has filed a lawsuit for wrongful termination.  $1 million in damages is being sought for lost wages as well as emotional distress caused by the firing.  The $95,000 paid to settle patient claims from the actual loss of the disks and tapes certainly pale in comparison.

This happened in the state of Oregon, where the whistleblower law forbids companies from firing employees because they file reports with the authorities.  However, Mr. Shields, the IT worker, might be overreaching in this case: The car that was broken into was his.  Even if he were employee of the month, every month, for 10 years in a row (that’s how long he worked at Providence Health System), I would imagine that the fact that he kept all that information in his car might be justification for dismissing him from his job.

I find it hard to blame him entirely for the fiasco, however.  As I remember it, the company did not have an actual policy to store the patient data in a secure offsite location.  Which is not suprising, since they didn't have a policy for encrypting the data, either.  Anyone knows that data breaches can happen en route to the secure, off-site location.  I guess it’s for the courts to decide who was to blame: the company for not setting the correct policy, or Mr. Shields for not exercising better judgment.

This entire episode could have been prevented by encrypting the contents of the disks and tapes.  Content encryption offered by AlertBoot allows administrators to select individual files for encryption or to specify that an entire file type is to be encrypted—existing ones as well as any future ones created.