AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

AlertBoot Endpoint Security


Canada Medical Data Encryption: Leading Edge Physiotherapy Suffered Data Breach

Leading Edge Physiotherapy, a Canadian medical entity, was burglarized on February 3 of this year.  Among the items that were stolen was an external hard disk drive that was not protected with data encryption software.  The use of encryption like AlertBoot FDE would have helped protect Leading Edge's patients.  Informing the patients of the data breach ASAP – the public notice went out on September 7 – would have helped protect them as well (although not as well as using encryption).

Records from 2003 – 2008 Lost

While it hasn't been revealed how many people were affected by this data breach, we do know that the stolen hard drive contained the scanned files of patients who were discharged between 2003 and 2008.  Names, addresses, dates of birth, treatment, diagnoses, and other physiotherapy records were stored on the hard disk.  And while encryption software had not been used to protect the hard drive, it was placed in a locked safe for safekeeping.

Physically locking digital data is one way of preventing a data breach.  However, as clearly seen from this particular story, it's not an optimal choice.  Boosting a safe, especially one that is marketed for your average office, is not very hard.  Any guy with a hammer is able to do it.  Or a guy could use a Dremel rotary tool, which makes about as much noise as a hammer but is easier on the wrists (note: I've never cracked open a safe but I've had a go at a bike lock when I lost my keys).

Contrast this with managed strong encryption from AlertBoot FDE.  The AES-256 encryption is so advanced that the US government has problems accessing it; indeed, they use secret court orders and other man-in-the-middle attacks, in addition to trying brute force methods, to get around their problems.  Such efforts require PhDs and millions of dollars, resources that your average office burglar doesn't have access to.

Knowing this, what's the better way to secure data, a safe or encryption?

Sometimes Legislation is the Answer

Bureaucracy, it's been said, can sap the life out of businesses.  On the other hand, there is something to be said about well-written legislation.

According to the site stalbertgazette.com, Leading Edge Physiotherapy (LEP) put an advertisement announcing the burglary on page 42 of the Gazette.  As noted above, the notice was sent out seven months after the event took place.  This does not sound like the actions of a concerned organization.  On the other hand, you can't really tell, can you?  LEP could have a perfectly valid reason for taking so long to warn its patients.  But then, is a warning seven months after the fact of any use?

This is why the US's HIPAA data breach notification rules – stating that a covered entity must contact patients within 60 calendar days of the breach – are so useful.  Honestly, if you haven't figured out what's going on in 60 days, chances are you won't know, and it's time to just get the message out.

Related Articles and Sites:
http://www.stalbertgazette.com/article/20130914/SAG0801/309149981/-1/sag0801/discharged-patient-records-stolen-from-physio-clinic
http://www.phiprivacy.net/ca-records-of-former-patients-stolen-from-locked-safe-at-physical-therapy-clinic/

 


About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.