in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Drive Encryption Software: VA Experiences New Breach, Signs Point To Better Security

The Veteran Affairs (VA) Department has announced a breach of patient data, which is reminiscent of a breach back in 2006.  However, based on the response the VA took, I'd say that they've definitely gotten better at handing data security.  And, it's not because they've gone ahead and used data encryption like AlertBoot on their laptops.

Physician Assistant Stores Data On Personal Laptop

The entire situation was blown wide open when a nurse scientist alerted the compliance officer that a physician assistant would not destroy illegitimately-obtained VA patient information from her personal laptop.  The physician assistant resigned on February 26 due to subsequent events.

Apparently, the physician assistant had two sets of patient data: one set with three years of information and the other with more than 18 years' worth of data.  Despite what seems to be an inordinate amount of information, the VA's CIO has noted that:

"The employee in question was never able to connect her unencrypted laptop to the VA network. Port-blocking technologies are enforced in Atlanta, and she was denied access. Thus, no ‘downloading' of information ever occurred. Any information existent on the personal laptop was hand-entered, and as you point out this violates all kinds of policies and training at the VA."

Of course, that doesn't make sense: I mean, 18 years' worth data is "hand entered?"  That physician assistant is going to need some medical assistance herself, on her wrist, especially when you consider she started working at the VA on October 2009.

There are reports, however, that the VA inspector general is investigating the possible use by the physician assistant of USB flash drives to transfer the data to her laptop.

Why did the physician assistant have all this data?  They were for an unapproved research project, according to the inspector general's office.

Layers Of Security Includes Employee Education

While there was a data breach in the technical sense, we can see from the above that the VA department has made great strides in their data security.  To begin with, I know that disk encryption is used on all VA-issued laptops, the deployment of encryption software having been completed last year (if memory serves, regarding the completion of the project).

But, as the above story shows, it's not just the use of encryption that guarantees the security of patient information.  While there is the need for many tools--notice the presence of port-blocking for non-VA laptops mentioned the VA's CIO--ultimately, it's people that will make a difference on whether data will remain secure or not.

This is especially true when it comes to people who are supposed to have access to the data but decide to repurpose that information for other uses.  Not that I'm saying there should be a culture of employees spying on each other.  However, when people become aware of unauthorized uses, procedures, etc, people need to know that they should come forward and rectify the situation, like the nurse scientist did in the above case.


Related Articles and Sites:
http://www.nextgov.com/nextgov/ng_20100309_9888.php?oref=topstory
http://www.federaltimes.com/article/20100311/IT01/3110306/1018/DEPARTMENTS
http://www.ajc.com/news/dekalb/security-breach-at-atlanta-365828.html

 
<Previous Next>

Full Disk Encryption: Not Really Understood By People, Hints Ponemon Study

Data Encryption Software: A Number Of Data Breach Incidents In Massachusetts

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.