A laptop belonging to Halifax Health was stolen in late August. The computer contained the billing information of 33,000 patients. Password-protection was used, although there is no mention on the use of hard drive encryption like AlertBoot to protect the contents. The laptop was stolen from an employee's car in Orange County. I'm assuming that it's the O.C. in Florida, not the one out in California, the one with all the shenanigans that, for some reason, befit transmission over the public airwaves. As mentioned before, password-protection was used to protect the information (although it's not specified whether it was the file that was protected or the computer itself). Regardless, it's not what I would consider a reason for feeling safe. Password-protection is better than nothing, but not much better. The use of encryption would have been a better choice.
A laptop belonging to Halifax Health was stolen in late August. The computer contained the billing information of 33,000 patients. Password-protection was used, although there is no mention on the use of hard drive encryption like AlertBoot to protect the contents.
The laptop was stolen from an employee's car in Orange County. I'm assuming that it's the O.C. in Florida, not the one out in California, the one with all the shenanigans that, for some reason, befit transmission over the public airwaves.
As mentioned before, password-protection was used to protect the information (although it's not specified whether it was the file that was protected or the computer itself). Regardless, it's not what I would consider a reason for feeling safe. Password-protection is better than nothing, but not much better. The use of encryption would have been a better choice.
Florida is one of the many states that exempts companies from publicizing a data breach if the lost information was encrypted. Seeing how Halifax Health is going public with the news, I think it's not much of a stretch to assume that disk encryption was not used. (I mean, what company would like this sort of attention?) This is rather unfortunate, since encryption does so much more when it comes to data protection. If encryption could be likened to a bank vault, password-protection would be like a mannequin dressed up as a security guard: on the surface, it might look like there is security in place, but a tiny bit of effort is enough to bypass such "security."
Florida is one of the many states that exempts companies from publicizing a data breach if the lost information was encrypted. Seeing how Halifax Health is going public with the news, I think it's not much of a stretch to assume that disk encryption was not used. (I mean, what company would like this sort of attention?)
This is rather unfortunate, since encryption does so much more when it comes to data protection. If encryption could be likened to a bank vault, password-protection would be like a mannequin dressed up as a security guard: on the surface, it might look like there is security in place, but a tiny bit of effort is enough to bypass such "security."
Related Articles and Sites:http://www.cfnews13.com/News/Local/2009/10/14/laptop_stolen_from_halifax_health_employees_car.htmlhttp://www.news-journalonline.com/NewsJournalOnline/News/Headlines/frtHEAD04101509.htm