Pitt County Memorial Hospital has notified 1,700 patients that their personal information has been breached. A USB flashdrive with patient names and SSNs has been found missing (yeah, I know. That's an oxymoron). There is no mention on whether data security software, like hard disk encryption from AlertBoot, was used. The information dates back to the 1980's, according to witn.com. I wish the hospital the very best of luck. Finding people from nearly 30 years ago can't possibly be anywhere near easy. Of course, the use of encryption software to either encrypt the USB disk itself or individual files with the sensitive data would have prevented the need for all this contacting and digging for addresses from 30 years back.
Pitt County Memorial Hospital has notified 1,700 patients that their personal information has been breached. A USB flashdrive with patient names and SSNs has been found missing (yeah, I know. That's an oxymoron). There is no mention on whether data security software, like hard disk encryption from AlertBoot, was used.
The information dates back to the 1980's, according to witn.com. I wish the hospital the very best of luck. Finding people from nearly 30 years ago can't possibly be anywhere near easy.
Of course, the use of encryption software to either encrypt the USB disk itself or individual files with the sensitive data would have prevented the need for all this contacting and digging for addresses from 30 years back.
What's more interesting about the story is the comments section at witn.com. A great deal of invective and vitriol is being thrown about, pitting the "people make mistakes" crowd against the "I knew this was going to happen" crowd. There are accusation that PCMH has made some serious mistakes in the past--unrelated to data breaches, mind you--and that it was just a matter of time before they had another one. There are even accusations that the hospital is very good at (only good at?) sweeping things under the rug. Of course, all of this is hearsay, and as an independent observer, I should note that it's always a matter of time before the you-know-what hits the fan. But there is one thing I can't defend: 30 year's worth of sensitive data on a USB flashdrive.
What's more interesting about the story is the comments section at witn.com. A great deal of invective and vitriol is being thrown about, pitting the "people make mistakes" crowd against the "I knew this was going to happen" crowd.
There are accusation that PCMH has made some serious mistakes in the past--unrelated to data breaches, mind you--and that it was just a matter of time before they had another one. There are even accusations that the hospital is very good at (only good at?) sweeping things under the rug.
Of course, all of this is hearsay, and as an independent observer, I should note that it's always a matter of time before the you-know-what hits the fan. But there is one thing I can't defend: 30 year's worth of sensitive data on a USB flashdrive.
I've always noted that the form factor is not important when it comes to data security. What I mean is that, it doesn't matter how small or big a device with sensitive data happens to be: chances are, if it was moved there by a person, it can be stolen. So, relying upon the form factor for data security is a bad idea (for example, opting to save data to a desktop computer instead of a laptop-- you're data's not very secure either way). However, saving important information to a really small device is a really bad idea. Such a move can only be justified if you have data protection tools in place, like AlertBoot endpoint encryption.
I've always noted that the form factor is not important when it comes to data security. What I mean is that, it doesn't matter how small or big a device with sensitive data happens to be: chances are, if it was moved there by a person, it can be stolen. So, relying upon the form factor for data security is a bad idea (for example, opting to save data to a desktop computer instead of a laptop-- you're data's not very secure either way).
However, saving important information to a really small device is a really bad idea. Such a move can only be justified if you have data protection tools in place, like AlertBoot endpoint encryption.
Related Articles and Sites:http://www.witn.com/home/headlines/64087027.html