in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

HIPAA Desktop Computer Encryption: PCs Are More Portable Than You Think

One of the ongoing debates between IT vendors and HIPAA covered entities is whether PCs – that is, the desktop computer – needs to be encrypted.  The position we hold at AlertBoot is that, if you are using encryption software to protect the contents of a laptop computer used in the office, you cannot justify not doing the same for a PC.

Reasons Given for Not Encrypting a PC

Yet, when it comes to desktop computer encryption, most covered entities will balk.  The reason tends to be two-fold.  First, encrypting a desktop computer is not free; it costs as much as encrypting a laptop computer.  As is usually the case, the less computers you encrypt, the less expensive it is.

Second, there is this preconceived perception that because a desktop computer is less portable than a laptop, it must also be harder to steal.  Nothing could be further from the truth, however.  They say that seeing is believing, so take for example this case from Salina Regional Health Center.  

What is That, a Pizza?

In the embedded video, you can see a man prowling around what appears to be a hospital.  He is holding a stuffed bunny rabbit, which I assume is being used as a sort of decoy for deceiving people that he's got a reason for being there.

A number of different camera shots later and he's going into the emergency exit with some dark, slightly bulky object.  I had to rewind the video (or whatever it is you do in YouTube) to ascertain that the object in his hands was dark because he had wrapped something with his jacket.  Had I not known the video was part of a story about a stolen computer, I wouldn't have known what it was.  Initially, I thought maybe he was delivering a pizza or something, which didn't quite make sense.

This is the point: stealing a desktop computer is not as hard as people think.  It's harder than stealing a laptop, just like stealing a laptop is harder than stealing a smartphone, but none of the listed misdemeanors is especially hard to commit.  Cumbersome is probably more on the mark.

Is a HIPAA Breach Worth the Risk?

According to the story, the Salina computer theft resulted in a loss of a $1,000 computer and $100 in damages.  However, if the computer contains PHI (which it doesn't sound like... but then, who knows really?  Data always ends up somewhere it's not supposed to), then the actual damages would be astronomically higher: the cost of notifying patients under HIPAA's Breach Notification Rule; the perceived damage to the health center's image; the cost to defend itself from a (possibly baseless) lawsuit; etc.

Would full disk encryption prevent all of these costs deriving from breaching HIPAA rules?  Absolutely.
Related Articles and Sites:
http://www.hayspost.com/2013/12/04/computer-theft-from-hospital-video/

 

 
<Previous Next>

Data Breach Cost: $7 Million Used In Maricopa Breach Notification

HIPAA Encryption: Houston Methodist Hospital Report Theft Of Encrypted Laptop

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.