Wright State Physicians has announced the data breach of 1,309 patients when a janitor tossed a laptop computer. There is no mention of hard drive encryption being used. However, the laptop is buried in a landfill...reportedly.
One of the reasons why you can never achieve complete data security is the "unknown unknowns": if you don't know that it's going to affect you, or can't even being imagining it happening to you, you can't include it in your risk assessment. Take for example an asteroid hitting the earth. It's an unknown--or if you will, a known unknown--not an unknown unknown. While it's unknown when an asteroid is going to wipe out human civilization, there are people out there that known it will happen at some point in time. Likewise for floods, earthquakes, etc. These are known unknowns, and people try to account for them in their risk projection. But a janitor just tossing out a laptop computer? No one expects that. Consequently, no one plans for it, and the next you know, you have a random data breach. (It wasn't the fault of the janitor, when you think about it. The laptop was right next to the "waste can," leading him to believe it was meant for the trash. Must have been one ugly, old-looking laptop.)
One of the reasons why you can never achieve complete data security is the "unknown unknowns": if you don't know that it's going to affect you, or can't even being imagining it happening to you, you can't include it in your risk assessment.
Take for example an asteroid hitting the earth. It's an unknown--or if you will, a known unknown--not an unknown unknown. While it's unknown when an asteroid is going to wipe out human civilization, there are people out there that known it will happen at some point in time. Likewise for floods, earthquakes, etc. These are known unknowns, and people try to account for them in their risk projection.
But a janitor just tossing out a laptop computer? No one expects that. Consequently, no one plans for it, and the next you know, you have a random data breach. (It wasn't the fault of the janitor, when you think about it. The laptop was right next to the "waste can," leading him to believe it was meant for the trash. Must have been one ugly, old-looking laptop.)
There are limitations to data disk encryption software. For example, if a computer is stolen while it's on its "on" state, encryption does not protect the contents of the computer. It can't, since the fact that it's up and running means you've unlocked (bypassed) the encryption. It's an open safebox, if you need to compare it to something. However, if the computer is lost or stolen in its "off" state, then that computer becomes impregnable, at least if you're using a strong encryption program, such as AlertBoot. That's why most people claim that encryption protects data in cases related to theft or loss: chances are, those computers were lost or stolen in their "off" state. Even if a laptop with sensitive data is not meant to be carried outside a security perimeter (say, the hospital), it makes sense to use full disk encryption software on it, not only for possible instances where a janitor mistakenly throws something away, but also for your everyday cases of theft and loss.
There are limitations to data disk encryption software. For example, if a computer is stolen while it's on its "on" state, encryption does not protect the contents of the computer. It can't, since the fact that it's up and running means you've unlocked (bypassed) the encryption. It's an open safebox, if you need to compare it to something.
However, if the computer is lost or stolen in its "off" state, then that computer becomes impregnable, at least if you're using a strong encryption program, such as AlertBoot. That's why most people claim that encryption protects data in cases related to theft or loss: chances are, those computers were lost or stolen in their "off" state.
Even if a laptop with sensitive data is not meant to be carried outside a security perimeter (say, the hospital), it makes sense to use full disk encryption software on it, not only for possible instances where a janitor mistakenly throws something away, but also for your everyday cases of theft and loss.
Related Articles and Sites:http://www.phiprivacy.net/?p=3380http://www.wrightstatephysicians.org/disclosure.pdf