AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

AlertBoot Endpoint Security

HIPAA Encryption: UHS-Pruitt Has Two Laptop Thefts In Two Weeks

The blog-keeper over at phiprivacy.net, Dissent, notes the difficulties she was having making heads or tails of a data breach story involving a laptop computer at UHS-Pruitt Corporation.  It turns out that she was dealing with two data breaches, both of them involving laptop thefts (disk encryption software wasn't used in either case) out of employees' vehicles.

What are the chances?  Well, yours truly cannot really answer that question without data, but let's say that it would be unlikely.  On the other hand, the fact that it happened makes it not unlikely in the future.

UHS-Pruitt Data Breach #1

On September 26, 2013, a laptop computer was stolen from a UHS-Pruitt employee's car (the car was locked).  It appears that the laptop was primarily used to access remote databases; however, documents containing PHI were also present, including SSNs.

While the use of encryption software is not mentioned, the presence of the public notice makes it quite probable that cryptography was not used to secure the patient data.

Approximately 1,300 people were affected.

UHS-Pruitt Data Breach #2

This data breach was actually caused by an affiliate (a business associate, in HIPAA parlance?).  On December 6, 2013, a different laptop was stolen from another employee's car (parked in front of her home!), causing another HIPAA breach.  The PHI breach was limited in this case, as the data contained first and last names and potential diagnoses.

Approximately 4,500 people were affected.

Again, encryption software is not mentioned, but there's a very strong possibility that it was not used.

What are the Odds?

What are the odds of such a thing happening, that the same HIPAA covered entity would experience the same type of data breach within a period of two weeks?  I don't know, as I stated before.  But, it's not illogical to observe that the chances of this happening are infinitely higher than breaking into an encrypted machine.

Of course, laptop encryption doesn't prevent laptops from being stolen.  However, it does prevent a data breach from happening (the HIPAA definition of a data breach provides an exception for encrypted PHI).

If UHS-Pruitt had not been using medical laptop encryption before, I'd say that there is no time like the present.

Related Articles and Sites:
www.phiprivacy.net/two-laptops-with-phi-stolen-from-uhs-pruitt-employees-cars-in-a-two-week-period/

 

 

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.