in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Laptop Encryption Software Not Used On Stolen Henry Ford Health System Computer (Updated)

Henry Ford Health System is alerting its urology patients that personal information may have been breached when a laptop computer was stolen from an employee.  The hospital has admitted that the laptop did not make use of "proper security protections," one of which includes hard disk encryption like AlertBoot encryption for laptops.

Number of Patients Affected Not Being Released

The Chief Privacy Officer for Henry Ford apologized for the incident, noting that "this laptop did not have the proper security protections that we require for laptop computers storing patient information." [clickondetroit.com]

SSNs or health insurance numbers were not lost; however, names, medical record numbers, dates of birth, physical and e-mail address, telephone number, and treatment may be included.

In a separate article, a spokesperson said they wouldn't be revealing how many patients were affected by the incident, although it was mentioned that the breach affected patients who received medical services related to their prostate, between 1997 and 2008. (A news clip on the clickondetroit.com site reveals the number being in the "thousands.")

Why the secrecy?  Maybe Henry Ford's executives are not aware, but they'll have to report this breach to the HHS, and the HHS will in turn publish this information on their breach web site.  It's just a matter of time before the truth comes out.

(Update 23 NOV 2010) - 3,700 people were affected according to the notification to the HHS. [www.phiprivacy.net]

Unlocked Urology Office

I often report of employee laptops lost from their cars.  This particular case breaks the mold because the laptop was stolen from one of the hospital's offices.  Apparently, the door to a urology office was left unlocked, facilitating the theft of equipment.

Also, while the laptop was stolen on September 24, Henry Ford started sending notification letters just last week.  Apparently, they needed the time to figure out whom to contact.

It seems to me that the use of AlertBoot, not just any encryption software, would have been especially auspicious.

Managed Encryption With Built-In Audit Report

One of the strengths of AlertBoot--aside from the use of AES 256-bit encryption--lies in its reporting engine.  Traditionally, encryption software focused on making sure encryption worked as advertised, which is only logical.  But today, it's also recognized that it's not just a matter of encryption working as it should (which it tends to do); the biggest security risk lies in the fact that encryption software is not deployed as people expect it to be deployed.

For example, you have 15 laptops and 10 desktops that need to be protected.  One of your IT guys does the rounds and encrypts them all.  End of story, right?

Not necessarily.  After all, we don't work and live in a static environment.  There is a need to formally run audits to ensure that encrypted systems are still encrypted: a computer crashes, so one of the guys in the IT department formats the computer and copies over a backup of the files, forgetting to encrypt the machine.  It happens time and time again, and the only way to find that there is a security lapse is to run a check.  Now substitute 15 laptops and 10 desktop computers with 150 and 100 of each, respectively, and you see why certain computers might fall through the cracks.

While I cannot say for certain that this is what happened at Henry Ford Health System (there are a number of ways a computer could end up not being encrypted), I think it's pretty obvious that a built-in encryption audit report to their encryption software or service would have caught the fact that a computer in the urology office was not protected adequately.


Related Articles and Sites:
http://www.freep.com/article/20101115/FEATURES08/101115043/1033/Patients-notified-of-possible-breach-of-info
http://www.clickondetroit.com/news/25801194/detail.html

 
<Previous Next>

Hard Drive Encryption: 12,000 Patients at Visiting Nurse Association of Southeastern Connecticut Receive Breach Notification Letters

Data Encryption Software Is Deployed By Companies Because Of Laws

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.