The cardiology department at Salem Hospital suffered a data breach when a laptop computer was stolen from its premises. According to a police report, the suspect is an employee at the hospital. It was not revealed in what capacity the person acted at the hospital, or whether he or she was part of the cardiology department. It is implied, however, that the computer in question did not have data encryption software like AlertBoot protecting its contents.
Although the laptop contained medical information on approximately 50 patients, a relatively small number, this incident shouldn’t be considered a minor incident to be lightly brushed off. Generally, such instances are indicative of a larger security issue. After all, the difference between a major and minor data breach is based on the number of people affected, and not on what was physically stolen (which one’s the larger breach, the theft of a laptop with information on 200,000 patients, or the theft of the same laptop model with information on 1 person? Clearly, what was physically lifted doesn’t matter as much.)
So, was Salem Hospital lax regarding information security? Is this what the latest breach points to? While I have little to go on, I’d have to say “no.” To begin with, they kept the laptop computer in a locked office. I’m not too crazy about doors being the only data protection system in place, and I have decried people relying on locked doors as their only data protection measure before, numerous times. However, combine that with everything else the hospital did do: They realized that the laptop computer was stolen, between late November and last Thursday; reported it to the police; and have an idea of who’s responsible for the theft.
In other words, they’ve probably got an audit of their computer inventory going on; actively alert their breach to the public (as opposed to burying it in the hopes that nothing untoward happens, a common reaction); and have controls to see who may have accessed that room. Such routine, unglamorous practices are the foundation of security. On top of all this, the hospital was in the process of phasing out old computers and replacing them with new ones that contained encryption software. I would have praised the hospital except for that last part.
Laptop Encryption Installation - Easier Than You Think
“What!?” might be your reaction. After all, I tend to hold encryption as the biggest addition one can make to their data security arsenal. And I still do. The thing is, though, I don’t think that serviceable computers ought to be discarded just because they don't have encryption. I’m not sure how old these computers happen to be but, assuming they were purchased in the last five years or so, I don’t see why they can’t just install encryption software on them.
In fact, seeing how it’s faster and easier to install encryption software than to replace a laptop with another one that contains encryption software (does the encryption software come built-in or what? I just don’t get it, you ultimately have to install software) and then copy over your software applications and data, it seems that just installing encryption on the old computers would be the better choice.
Plus, if the encryption software comes installed with the laptops…well, that's all good. But what about the other security-breaches-in-wait? What about external hard drives? Don’t those require USB disk data security as well? And the same goes for CDs, USB memory sticks, etc. After all, there is that pesky upcoming Massachusetts data protection law one has to take into consideration.
The installation of encryption software is quite easy. Or at least, it’s easy with AlertBoot. You download from the internet a small software application and install it. The computer does the rest (as it usually does) to ensure the contents of your computer’s entire hard drive are protected. Call me crazy, but this seems like a better approach to security that replacing laptop computers wholesale. It’s analogous to moving your home because you deem your door locks to be inadequate, instead of just getting better locks.
Related Articles:http://www.salemnews.com/punews/local_story_344001636.html?keyword=topstory