in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Drive Encryption Software: St Charles Health System Laptop Recovered

About a week ago, I had commented on the theft of a laptop computer from St Charles Health System.  A (what I assume to be) unencrypted but password-protected (factual) computer was stolen from an employee's car.  As readers of this blog know, crypto solutions like AlertBoot's drive encryption software are the only way to tilt the odds of PHI remaining secure in the event of a computer theft.

Well, the laptop computer was recovered.  According to bendbulletin.com (via phiprivacy.net),

The laptop was found in brush by an 8-year-old girl riding horseback near Horse Butte at the end of November. It was returned to the hospital by the family Dec. 16.

Good news for Charlie.  I guess they can write another 145 letters explaining the situation and relaying the good news to patients.

I did a search on Google Maps, and it looks like the girl may have found the device near this place seeing how it involves an 8 year old (I'm assuming her horse (pony?) is not her own, or at least not kept at her house.  A professional facility must be involved) and a place called Horse Butte.

Still Believe Computers are Stolen for the Hardware?

Aside from the fact that a little girl found the computer in the bushes in the middle of nowhere, the conclusion to this saga is interesting in what did happen.

First, password protection appears to have stopped an irrefutable data breach from occurring (as opposed to assuming it's a low-risk situation because there's no way to know whether data was accessed or not.  Not a problem you get with the use of whole data encryption software).  Well, kind of.

The problem with not having adequate security allows so many unlikely scenarios to unfold.  For example, what if the laptop was originally stolen by a data thief who made a bit-by-bit copy (called ghosting) of the computer's contents; left it on a public bench; was picked up by a less savvy person who tried to gain access to the computer; and left behind when the second "hacker" couldn't gain access to it?  That could explain the forensic results.

Certainly, it's a remote possibility.  As remote as a hospital computer being found by an 8-year old who was gallivanting around on a horse.

Second, here we have a scenario that, no matter what actually transpired, it cannot be refuted that this wasn't about hardware: a computer was stolen; an attempt to access it was made; and the device was tossed away when it wasn't possible to do so (or, at least, we believe the data wasn't accessed.  Logs can be modified).

The entire ordeal is patently bizarre: could this be the equivalent of a joyride?  A computer is stolen because some kid wants to check his Facebook account, finds he can't get past the password, and dumps it because he can't take it home; and what does he care, it's not his computer.  Would that cover what happened here?

How does one protect against such a thing?  Data-wise, you use encryption software.  Hardware-wise...can't help you there.  For starters, though, don't keep your laptop in an easy-to-steal place like your car.


Related Articles and Sites:
http://www.bendbulletin.com/apps/pbcs.dll/article?AID=/20111221/NEWS0107/112210393/1001/NEWS01&nav_category=NEWS01
http://www.phiprivacy.net/?p=8670

 
<Previous Next>

Laptop Encryption Software: UMMC and MS State Dept of Health Alert Nearly 1,500 Of Computer Theft

Data Encryption Software: 3000 Affected By Laptop Theft, Dept. Of Human Services Gateway Center

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.