in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Laptop Encryption Software Not Used For NC State Laptop

A laptop computer belonging to the state of North Carolina was lost in Atlanta.  This loss could potentially turn into the data breach of over 85,000 N.C. residents who are registered with the Division of Aging and Adult Services, a part of the Department of Health and Human Services of North Carolina.  It appears that the stolen laptop did not incorporate the use of information security software like hard drive encryption, available from companies like AlertBoot, a managed encryption service provider.

Instead, the only attempt at data security was the use of password protection.  Lamentable, since the use of passwords only will not really protect data.  I’ve often alluded that this form of “protection” (always in quotation marks) is no better than hiding your house’s keys beneath the welcome mat (an object named in response to the “thank you” the house burglar will offer nonchalantly as he proceeds to steal your valuables).

Of the affected, 50,000-plus clients had their full Social Security number listed, while an additional 30,000 had the last four digits of their SSNs compromised.  Letters are being sent to both groups, the one being asked to place a fraud alert on their credit reports, and the other being asked to keep their eyes peeled, since someone could attempt to defraud them with the limited data.

The question that some may ask is, what’s a guy from North Carolina doing in Georgia with a list of SSNs of 85,000 people?  And the reply in this case would be, doing his job.  He had to attend some kind of conference.  He probably took his laptop because unlike proctologists that hold their parties/conferences in Maui, he had work to do, e-mail to check, and other work-related stuff that required him to take his work computer with him.

Which leads to this question:  why wasn’t the laptop computer encrypted?  The DAAS is a division of the HHS of North Carolina.  This makes it a covered entity under HIPAA regulations (I would assume, since, as I understand it, HIPAA guidelines were meant to be adopted by the HHS as well), and this means there are strict regulations regarding the storage and protection of data.

For example, there are HIPAA regulations stating that passers-by should not be able to shoulder-surf medical data, meaning the screen of computer monitors should be facing away from corridors and hallways.  Computers with sensitive data should be located in rooms that can be locked.  Encryption, if I recollect correctly, is not required unless other methods of protection (like the locked door) is not available or possible.

A laptop computer at the airport is in open space by definition.  I’m sure locked cars were not what legislators were thinking of, even if the original law was drafted back in 1996, and the world was, arguably, a safer place back then.  The above case, even if the laptop computer was not stolen, is a prime example of situations where hard drive encryption should have been used.


Related Sites:
http://www.upi.com/Top_News/2008/11/05/Laptop_with_Social_Security_numbers_swiped/UPI-19091225920974/
http://www.istockanalyst.com/article/viewiStockNews+articleid_2771760.html
http://www.wxii12.com/news/17898651/detail.html
http://www.news-record.com/content/2008/11/05/article/state_laptop_with_private_data_reported_stolen

 
<Previous Next>

Bank of Ireland Loses USB Memory Stick With Customer Data, Admits Drive Encryption Not Used

Pharmacy Benefits Manager Express Scripts Gets Extortion Letter - A Sign Of Things To Come For Data Breaches?

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.