in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Disk Encryption Software: Ohio PASSPORT Program Breach

The Ohio District 5 Area Agency on Aging has announced a data breach that affects 78,000 people in total, if I'm reading things correctly.  The breach was triggered when a laptop computer was stolen.  The implication seems to be that hard drive encryption like AlertBoot was not used to secure protected health information.

Car Theft

The laptop computer was stolen from an employee's vehicle on June 3.  The employee was a case manager, and the car was parked at a library in downtown Mansfield (per wmfd.com).  It contained personal health information (PHI) on 43,000 people, and contact information on an additional 35,000 "related clients' personal representatives" are affected.

Just what type of patient information was lost (PHI can range from medical diagnostics, to patients' names, to their credit card numbers) has not been specified.

The PASSPORT program stands for "Pre-Admission Screening Providing Options and
Resources Today."  In a nutshell, it provides alternatives to nursing homes and other forms of age-based institutionalization (hate to put it that way, but that's what is, essentially).  It is funded via Medicaid, which means that the loss of this laptop has HIPAA / HITECH repercussions.

Or does it?  The agency director has been quoted that the computer requires two passwords, and hence it would be difficult to be hacked (wmfd.com).

Password or Encryption Software?

The problem with the director's statement is that it doesn't really reveal anything.  Are the passwords in any way associated with encryption?  Or is it literally two passwords?  If the latter, it could be that there is less security than the director believes there is.

After all, if the use of passwords alone were considered "security," why is it that safe harbor is not extended under the HITECH Act when patient data is lost or stolen, whereas the use of medical data encryption does afford safe harbor?  (By safe harbor, I mean granting a breached entity the option to not send notification letters.)

Is it because of the encryption lobby?  Nope.  It's just that encryption today secures any sensitive data that is worth securing, not because of some conspiracy, but because encryption works.


Related Articles and Sites:
http://www.mansfieldnewsjournal.com/assets/pdf/B7175736617.PDF
http://www.newsnet5.com/dpp/news/local_news/laptop-stolen-from-department-of-aging-thousands-at-risk-for-identity-theft
http://www.wmfd.com/newsboard/single.asp?Story=46591

 
<Previous Next>

Hard Disk Encryption For Non Profits in the UK

Data Security: Allegations That Sony Fired Security Employees Prior To Breaches

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.