in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Data Encryption Software: VA Medical Center Employee Takes Unauthorized Data Home

VA officials have announced that a staff member at the Lexington VA Medical Center (in Kentucky) took patient files home, causing a data breach.  The employee was not authorized to do so.  Instances like these show why the use of disk encryption software like AlertBoot are not a silver bullet against data breaches.

Undereducated Staff Leads to Insider Attacks

When you hear the words "insider attack" combined with "data breaches," I'm pretty sure you'll think of rogue or less-than-ethical employees that dabble in selling data such as credit card numbers or SSNs.

Depending on who you talk to, though, there are those to also include people who cause a data breach even when their purposes were far from heinous or downright noble.  The VA medical breach in Lexington is, as far as one can tell, is of this nature.  According to the lex18.com article," the information was [not] used maliciously by this employee or anyone else."

The type of data that got stolen seems to back this up: names, last four digits of SSNs, dates of birth, and medical diagnoses for 1,900 veterans in the forms of patient files, slides, images, and other data.  The information was downloaded to the staff member's laptop.  No doubt someone didn't feel like working overtime at the office and thought it would be better to work from home.

Encryption Software Can Only Do So Much

Now, I'm pretty sure that the VA has had a policy in place where any and all laptops issued at the Veteran Affairs office are protected with laptop encryption.  And yet, here we have another instance of a laptop data breach.

Or do we?

The problem with this story is that it doesn't specify whether the staffer's laptop is a government-issued one or a personal one.  If the former, we know the VA has completed encrypting all portable computers as of 2009 (as I pointed out in this VA data breach story involving another employee's personal laptop).  Under such circumstances, it would be unusual but not surprising that there is a data breach (just because an organization has deployed laptops doesn't mean that it sometimes finds that a number of computers were overlooked).

If the latter, then this is less of a laptop data breach and more of a "insider attack," however unintentional it might have been, since (arguably) the government doesn't have a say on whether you should encrypt your personal laptop or not.

What might of have been useful in this case is the automatic USB encryption we have in the AlertBoot endpoint security suite.  Under AlertBoot you have the option to automatically encrypt all digital storage devices connected to a computer that had its internal HDD encrypted.

This ensures that encrypted content on the computer cannot be copied off to some other storage device and rendering the original data protection useless.  It also works as an excellent reminder to not plug unauthorized data devices into a work computer's USB port (imagine what the encryption would do to an iPhone).


Related Articles and Sites:
http://www.lex18.com/news/va-medical-center-possible-privacy-violation

 
<Previous Next>

Full Disk Encryption: Texas Health Presbyterian Hospital Flower Mound Announces HIPAA Breach

Best Laptop Encryption Software: Some Criteria

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.