in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Computer Hard Drive Encryption: Desert AIDS Project Announces Data Breach

According to a letter sent to clients of Desert AIDS Project (DAP), the theft of an office computer has triggered a data breach.  It has not been revealed whether the computer in question was protected with drive encryption like AlertBoot.  But, a "strong password" was used, so there's that.

Office Break-In

Desert AIDS Project reported to clients and the State of California that a thief broke into DAP offices on April 12, 2012 and stole a receptionist's computer.

The computer did not contain medical details nor certain personally identifying information (SSNs, driver's license number, credit or debit card number, health insurance number, or other account numbers).  However, there was a spreadsheet that contained client names, staff names, client status (active, discharged, etc), internal client identification number, and date of birth.

The letter goes on to note that the "spreadsheet itself does not include DAP's name" but that "other documents stored on the stolen computer may reveal its connection to DAP."

Not to be sarcastic, but so does the fact that the thief took it from the office, doesn't it?  I mean, it's not as if the computer was stolen from a car parked in a shopping mall garage.  The connection to DAP is pretty obvious.

Encryption or Password-Only?

The use of a strong password, unfortunately, is meaningless.  A strong password tends to be long, random, and is composed of upper and lower case letters, numbers, and special characters.  The password ASF23$GaSDFSAfaSdfsad@TR3r23332rgERVfwfWwGwhLKu,MNwWQF/./.<ewqf would be considered to be a very strong password.

The problem is that if this password is not securing a computer protected with disk encryption, then getting around it is pretty easy.  You just pop out the hard drive and connect it to another computer.

In effect, the popped-out drive becomes an external hard drive and the password never comes into play because the operating system on that disk lies dormant (whereas the active operating system is the one set up by the thief or hacker).

When you're in a business where patient confidentiality is at its utmost, you must ensure that you've got more than adequate security.  At the same time, you can't go crazy: DAP probably can't afford all the things an outfit like Goldman Sachs is using to protect their data.

But, some are more affordable than others while offering enhanced protection.  Like centrally managed encryption software that uses the AES-256 to guard a computer's contents.


Related Articles and Sites:
http://www.desertaidsproject.org/notification/
http://datalossdb.org/incidents/6325-receptionist-s-computer-stolen-during-office-burglary-contained-spreadsheet-with-aids-clients-names-assigned-staff-person-client-status-active-discharged-etc-internal-client-identification-numbers-and-dates-of-birth
http://oag.ca.gov/ecrime/databreach/reports/sb24-23035

 
<Previous Next>

Data Security: Fake Skype Encryption Is Really Trojan In Disguise

Data Protection: Aneurin Bevan Health Board Fined £70,000 By ICO

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.