in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Hard Disk Encryption Not Used In Stolen Reid Hospital Laptop

Reid Hospital out of Indiana has announced to the media that a laptop with patient information was stolen, triggering a data breach.  It appears that the laptop was not protected with disk encryption like AlertBoot.  Normally, I wouldn't be so brazen, but today I must ask: what were they thinking?

Home Office

The reason for my outburst?  The computer "was stolen from the home office of a Reid Hospital employee."  It may have contained patient information for nearly 20,000 people who received services from 1999 to 2008, including names and SSNs.

It boggles the mind: 10 years' worth of data on a portable computer, and not an iota of encryption in sight?

Unless this guy's house was in the middle of some underground military base, why would you not use encryption software to protect the contents of the laptop?  It is true that under HIPAA/HITECH, the use of encryption is not a requirement.  However, it is also true that you're required to analyze the situation first and see whether encryption is necessary.  Once you find that it isn't, that's when you opt not to encrypt data.

Your average home is not a secure installation, as events clearly demonstrate.

Password-protection, All Out Burglary

Craig Kinyon, Reid president/CEO, said the computer was password protected and was one of numerous items stolen in the break-in, which indicates the information was not the target of the thieves. [whiotv.com]

So what?  Ever hear of cars being stolen with bags in the trunks or backseats?  Even if the cars are recovered, any valuables in those bags are generally not, assuming the bags are recovered as well.  Likewise, just because a laptop computer was stolen along with other items does not mean that the thieves are not interested looking around and stealing data.  It just means we have no idea what's going to happen.

Now, if the laptop had been protected with disk encryption, we'd be pretty sure what would happen: the data would remain safe, inaccessible to the thieves.

What about password-protection?  Wouldn't that help?  A little bit, yes; but not much.  Password-protection, despite its name, does not really provide much protection.  It really ought to be renamed password-obstacle, because that's what it is, an obstacle.

What's the difference?  Imagine an animal reserve in Africa.  There is only one road leading to it.  As you drive, you come upon a gate.  Only by buying a ticket are you able to proceed into the reserve and enjoy your safari.  The gates and fence are there purportedly to provide security, ensuring non-ticket holders are kept out (including poachers) while keeping animals in.

However, if you travel along the gate for about a mile, either way, you find that the fence suddenly disappears; you're able to get into the animal reserve without any hindrance.  Now you see that the gate and fence were nothing but obstacles.

Password-protection is exactly like this gate: it's so full of documented holes, one wonders why anyone would rely on it for data security.

Data encryption, on the other hand, is recommended for laptop computers and for any digital media that is portable because such security holes are not present.  In fact, the only "hole" present would be the sharing of password, unknowingly or otherwise, which is not a technical weakness as much as a human one.


Related Articles and Sites:
http://www.pal-item.com/article/20110509/NEWS01/110509027/-No-heading-
http://www.whiotv.com/news/27828194/detail.html

 
<Previous Next>

Disk Encryption Software: Dunes Family Health Care Data Breach Affects 16,000

Laptop Disk Encryption For Psychologists: Securing Data Under HIPAA/HITECH

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.