Medcenter One has gone public with a data breach. According to numerous sources, an employee's vehicle was broken into and a corporate laptop was stolen -- along with other items. It appears that disk encryption software was not used to protect the contents of the now-missing portable computer.
The laptop computer -- "secured" with password-protection -- stored names, dates of birth, and hearing test results for 650 people. The vehicle break-in occurred on October 21. Besides the laptop computer, paper documents (with medical data) and hunting equipment was also taken from the car, which was parked in the employee's driveway. Included in the details is the fact that perhaps the employee's child may have "left the vehicle doors unlocked" when he/she went to get something in the car. Unfortunately for the employee, this doesn't stand as an explanation. First, there is the fact that he (I'm assuming "he" because of the hunting equipment) left the laptop overnight in the car. The child could be culpable for the eventual theft. Or, the child could be the reason why the car doesn't have a broken window. Thieves are known for smashing glass when stealing stuff from a car, you know? Second, the theft appears to have occurred between 7 PM October 21 and 8 AM October 24. In other words, not only did this Medcenter One employee leave the laptop in his car overnight, he left it in the car over the weekend. I don't know how safe that particular neighborhood is, but leaving anything valuable in your car over the weekend is always a bad idea, locked door or not.
The laptop computer -- "secured" with password-protection -- stored names, dates of birth, and hearing test results for 650 people.
The vehicle break-in occurred on October 21. Besides the laptop computer, paper documents (with medical data) and hunting equipment was also taken from the car, which was parked in the employee's driveway. Included in the details is the fact that perhaps the employee's child may have "left the vehicle doors unlocked" when he/she went to get something in the car.
Unfortunately for the employee, this doesn't stand as an explanation. First, there is the fact that he (I'm assuming "he" because of the hunting equipment) left the laptop overnight in the car. The child could be culpable for the eventual theft. Or, the child could be the reason why the car doesn't have a broken window. Thieves are known for smashing glass when stealing stuff from a car, you know?
Second, the theft appears to have occurred between 7 PM October 21 and 8 AM October 24. In other words, not only did this Medcenter One employee leave the laptop in his car overnight, he left it in the car over the weekend. I don't know how safe that particular neighborhood is, but leaving anything valuable in your car over the weekend is always a bad idea, locked door or not.
The most glaring aspect of this story is not the fact that car was left unlocked; or that the laptop was left in the car; or that it's even being insinuated that a child could be responsible for this breach. The most glaring aspect of this story is in the use of password-protection. Password-protection is nothing but a child's security blanket: comforting to the person using it, but hardly a piece of weaponry against monsters that may exist in the darkness, if it comes to that. And, in the real world, monsters do exist in the dark. What that laptop ought to have had is encryption software like AlertBoot. If password-protection is a security blanket, encryption is a security blanket with an iron rod hidden beneath it: real protection. Of course, the parallel breaks down at this point because encryption is all about defense, not offense, but you get the idea: there's substance if encryption is used. It's the only reason why most states with data protection and breach notification laws give data breaches a pass if encryption is used to secure a laptop or other type of data storage device.
The most glaring aspect of this story is not the fact that car was left unlocked; or that the laptop was left in the car; or that it's even being insinuated that a child could be responsible for this breach.
The most glaring aspect of this story is in the use of password-protection. Password-protection is nothing but a child's security blanket: comforting to the person using it, but hardly a piece of weaponry against monsters that may exist in the darkness, if it comes to that. And, in the real world, monsters do exist in the dark.
What that laptop ought to have had is encryption software like AlertBoot. If password-protection is a security blanket, encryption is a security blanket with an iron rod hidden beneath it: real protection. Of course, the parallel breaks down at this point because encryption is all about defense, not offense, but you get the idea: there's substance if encryption is used.
It's the only reason why most states with data protection and breach notification laws give data breaches a pass if encryption is used to secure a laptop or other type of data storage device.
Related Articles and Sites:http://bismarcktribune.com/news/local/crime-and-courts/medcenter-says-theft-compromised-patient-information/article_9c31e536-116d-11e1-8d40-001cc4c03286.htmlhttp://www.therepublic.com/view/story/5ffe8d1237c5451b808a7084480ca215/ND--Medical-Records-Theft/