AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Data Encryption Software: Colorado Department of Health Care Policy and Financing Loses Disk, Causes HIPAA Breach

The Colorado Department of Health Care Policy and Financing has announced that the information of over 3,500 medical-aid applicants was lost when a disk went missing en route to a state agency. The disk does not appear to have been protected with data encryption such as AlertBoot.

Nearly 3,600 Affected

According to denverpost.com, HCPF officials have said that the missing disk held the protected health information of 3,590 people. Although dates of birth, SSNs, and other personal information used in identity theft were not included, the disk did contain names, addresses, and state identification numbers.

The breach was discovered on May 6.

HIPAA Breach Notification Rules

The HCPF made it clear that it was announcing the breach because of HIPAA. According to a HIPAA amendment in the HITECH Act of 2009, and as interpreted by the US Department of Health and Human Services (HHS), any HIPAA-covered entity that experiences a breach must notify the patients affected by it (but only if protected health information is involved).

No ifs or buts...unless that information was protected with encryption software. Not just any encryption, but strong encryption (such as AES-256). Otherwise, the entity that was entrusted with the information must notify patients and the HHS, which will in turn publicize any breaches involving 500 or more patients.

I must admit that I'm surprised that information still gets sent via an unencrypted disk. But maybe I shouldn't be. After all, it happens more often than you imagine it would. And, in the current environment of hacked servers and misdirected email (and regular mail, for that matter), perhaps it makes sense.

But why not have a requirement to send it in encrypted format?  The encryption password can still be sent over email, and the only way that can cause damage is if someone manages to intercept the email and the package.

And that is definitely more secure than sending something unencrypted via mail.


Related Articles and Sites:
http://www.colorado.gov/cs/Satellite?blobcol=urldata&blobheader=application%2Fpdf&blobkey=id&blobtable=MungoBlobs&blobwhere=1251723446747&ssbinary=true
http://www.denverpost.com/commented/ci_18386029

 

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.