The Children's Hospital of Philadelphia announced the theft of a laptop computer. From the article, it's quite apparent that the device was not protected with laptop encryption software like AlertBoot software; however, some form of data security was possibly used.
The breach occurred on October 20 when the laptop was stolen from an employee's vehicle parked outside his home. Which is unconscionable. Why not take that extra step and take the laptop with you? I guess the employee must have had a reason (example: stopped by the grocery store and the ice cream was melting, so that was taken care of first). The number of people affected by this latest breach is 943, with possible breaches of SSNs and other personal information. This is the second time this week that I've reported on a data breach occurring from a car burglary. I guess, statistically, it's not really indicative of anything. There's probably more instances of breaches emanating from car break-ins that don't get reported. But still, this is not something that I would call a fortuitous happening.
The breach occurred on October 20 when the laptop was stolen from an employee's vehicle parked outside his home. Which is unconscionable. Why not take that extra step and take the laptop with you? I guess the employee must have had a reason (example: stopped by the grocery store and the ice cream was melting, so that was taken care of first).
The number of people affected by this latest breach is 943, with possible breaches of SSNs and other personal information.
This is the second time this week that I've reported on a data breach occurring from a car burglary. I guess, statistically, it's not really indicative of anything. There's probably more instances of breaches emanating from car break-ins that don't get reported. But still, this is not something that I would call a fortuitous happening.
From the philly.com article: "The information on the computer was password-protected, but an analysis found it was 'possible to decode the security controls on the laptop and gain access to the personal information.'" What does this mean? Does it mean the file itself was password-protected? Or does it mean that the laptop itself was secured? Either way, it's quite evident that the computer and its data lacked adequate security. A better method of protecting the data would have been the use of encryption software, as pointed out by the commentators to the article. Full disk encryption (FDE), for example, would have prevented access to the laptop (in fact, with pre-boot authentication, the device wouldn't even boot up until the correct username and passwords are provided). Using file encryption would have prevented access to the sensitive file. It still allows access to everything else on the computer, though, so I tend to recommend FDE over file encryption when possible. (While there are pros and cons for each type of encryption, FDE wins over because it's just more...erm..idiot-proof.)
From the philly.com article: "The information on the computer was password-protected, but an analysis found it was 'possible to decode the security controls on the laptop and gain access to the personal information.'"
What does this mean? Does it mean the file itself was password-protected? Or does it mean that the laptop itself was secured? Either way, it's quite evident that the computer and its data lacked adequate security.
A better method of protecting the data would have been the use of encryption software, as pointed out by the commentators to the article.
Full disk encryption (FDE), for example, would have prevented access to the laptop (in fact, with pre-boot authentication, the device wouldn't even boot up until the correct username and passwords are provided).
Using file encryption would have prevented access to the sensitive file. It still allows access to everything else on the computer, though, so I tend to recommend FDE over file encryption when possible. (While there are pros and cons for each type of encryption, FDE wins over because it's just more...erm..idiot-proof.)
Related Articles and Sites:http://www.philly.com/philly/news/pennsylvania/20091201_Hospital_laptop_stolen__data_may_be_breached.html