in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Portable Hard Disk Encryption: NC Dept Of Health And Human Services Loses External Computer Disks

The North Carolina Department of Health and Human Services (DHHS) has announced a data breach.  While they're playing it as probably being inconsequential, it is a data breach, and under NC Senate Bill 1048, DHHS has to alert people of the data breach unless the information was secured, such as with drive encryption software from AlertBoot.

Division for the Deaf and the Hard of Hearing

DHHS has announced that computer disks belonging to the Division of Services for the Deaf and the Hard of Hearing (DSDHH) are missing.  It is their belief that the missing disks ended up at a local landfill, the result of a recent office renovation.

The disks contained information that is "accessible only using special software."  It was not revealed what type of information could be found on the disks.  The DHHS has only divulged that those who applied for DSDHH services between January 2005 and December 2008 are affected.

The disclosure -- at least, the public one; who knows about the notification letters sent to those who were affected? -- is not very helpful.  The missing disks could be at the landfill, but who's to say they weren't stolen while offices were being renovated?  And if so, should one be concerned about the data in those disks?  We don't know.  Were the devices encrypted?  We don't know.

North Carolina Has a Data Breach Law

It wouldn't be illogical to suppose that encryption software [http://www.alertboot.com/disk_encryption/central_encryption_software_management.aspx ; centralized disk management software ] was not used since the DHHS is making going public with the breach: NC has a personal information breach disclosure law, and the only way an organization can legally avoid going public with a breach is if used encryption. (On the other hand, the law doesn't prevent them from going public even if encryption had been used.)

One thing that bothers me is the "special software" language.  Normally, I would have taken it at face value, that some obscure software package would be necessary to access the data.  However, I recently ran into this story, where a company claimed that sensitive files were saved in a format that was not easily accessible.  The format?  TIFFs, which are image files that can be opened with the most rudimentary image viewing software, including web-browsers.

And, unfortunately, it makes me kinda wonder...


Related Articles and Sites:
http://www2.wnct.com/news/2011/jan/26/2/dhhs-alerts-clients-missing-records-ar-727598/

 
<Previous Next>

Information Security: FaceBook Using HTTPS And Social Authentication Captcha

Laptop Encryption Software: UIT Phoenix And Warner Pacific College Notify NH AG About Data Breach

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.