Saint Alphonsus Regional Medical Center ("St. Al") has announced that 1,000 current and former employees may need to protect themselves against ID theft after a backup tape went missing. It looks like drive encryption like AlertBoot was not used to protect the contents.
The fault does not like with St. Al, though, but with an outside contractor. Consulting firm Mercer lost a backup tape that contained information for several firms, and St. Al happens to be one of them. Other firms that were affected so far: St. Luke's Health System announced that several thousand employees were affected. Idaho Power employees and dependents were affected as well. Mercer was not the actual company that lost the backup tape. You can blame the courier company was transporting the tape from one office to another. On the other hand, you can't blame the courier company for not encrypting the drive. One might argue that, had the courier not lost the tapes, that wouldn't be an issue. And that's true. But, then, aren't data security policies followed because such things happen?
The fault does not like with St. Al, though, but with an outside contractor. Consulting firm Mercer lost a backup tape that contained information for several firms, and St. Al happens to be one of them. Other firms that were affected so far:
Mercer was not the actual company that lost the backup tape. You can blame the courier company was transporting the tape from one office to another.
On the other hand, you can't blame the courier company for not encrypting the drive. One might argue that, had the courier not lost the tapes, that wouldn't be an issue. And that's true. But, then, aren't data security policies followed because such things happen?
Mercer has pointed out that the chances of a data breach are low: one would have to possess a "special drive" to read the data off the tape. Perhaps it's because I've worked in an environment where tape drivers were present, but there's nothing special about these, except being exceptionally loud when being operated. Nothing special about them, unless we're talking about their rarity in the average home. That's not really grounds for feeling secure, though. You can, in fact, order one over the internet if you've got half a grand lying around. Now, had data encryption been used to protect the contents of the now-missing tapes, it would be grounds for feeling secure. After all, encryption software was created with data security in mind. And it does a great job. For example, did you know the FBI hates encryption for the simple reason that it works for the bad guys, too?
Mercer has pointed out that the chances of a data breach are low: one would have to possess a "special drive" to read the data off the tape. Perhaps it's because I've worked in an environment where tape drivers were present, but there's nothing special about these, except being exceptionally loud when being operated.
Nothing special about them, unless we're talking about their rarity in the average home. That's not really grounds for feeling secure, though. You can, in fact, order one over the internet if you've got half a grand lying around.
Now, had data encryption been used to protect the contents of the now-missing tapes, it would be grounds for feeling secure. After all, encryption software was created with data security in mind. And it does a great job. For example, did you know the FBI hates encryption for the simple reason that it works for the bad guys, too?
Related Articles and Sites:http://www.nwcn.com/news/idaho/saint-alphonsus-data-tapes-personal-info-99693474.html