in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Drive Encryption Software: U of Maine Health Services' Data Hacked

There certainly seems to be an odd influx of breach stories related to archives this week.  Health services at the University of Maine have reported the breach of medical information for nearly 5,000 students.  It's a situation that could have been easily prevented by having the appropriate policies and security tools, like data encryption software.

From 2002 to This Past Week

The breach was discovered when staff at the UMaine Counseling Center noticed that their computers were running slow.  An investigation showed that they had been hacked.  Unfortunately, the computers contained databases with names, SSNs, and clinical information for 4,585 students who visited the counseling center between 2002 and 2005.

A second computer was hacked later, which contained an active database.

Archives.  Were They Protected?

As I often mention, there is only so much that encryption can do.  In the above example, an active database was involved.  Now, it's possible to encrypt such a database, which would have protected the students' information if the database file were downloaded wholesale.

However, being an active database, at some point someone would have to enter a password to access the data.  The hacker could easily obtain the password by installing a keystroke logging program.  The only way to protect the active database would have been by ensuring that UMaine's computers were not hacked in the first place.

This, however, is not necessarily so with the archived information.  There are many reasons for archiving information, but it's usually because it's not used but needs to be kept around.  While the danger of gaining a password via a key logger still exists, it's much lower than what would be expected for an active database.

UMaine should have stored that archive after running it through some kind of file encryption program, such as AlertBoot, which uses AES-256 based encryption.

Related Articles and Sites:
http://www.sunjournal.com/state/story/870870

 
<Previous Next>

Disk Encryption: NY Lincoln Medical Notifies 130,945 Of Data Breach

Hard Drive Encryption For Russian Spies?

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.