in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Medical Laptop Encryption: Canadian Health Authority Finds Out "Certain Security Measures" Not Followed

The Winnipeg Regional Health Authority announced that there was a data breach at their Health Sciences Centre.  A laptop with patient data for 322 people was stolen.  The type of information that was stolen was not detailed, but breach notification letters were sent and the police have been called to investigate the theft.  Unlike HIPAA regulations in the US, Canada's medical legislation on patient data security varies by province, so the use of medical encryption software does not necessarily translate to safe harbor from publicizing data breaches.

Indeed, the law can be even more strenuous than the US's, in some cases mandating that encryption software be used, while in other provinces its use is merely recommended (although most agree that encryption represents "no actual loss of information" and will not require a notification).

WRHA Holding Independent Investigation

Despite the police involvement, the Winnipeg Regional Health Authority has said,
it's conducting its own investigation "to determine exactly how and why certain security measures do not appear to have been followed in this case," WHRA vice-president and CEO Real Cloutier.
When referring to "certain security measures," I imagine that it's a reference to WRHA behavioral policies that were designed to stop data breaches from happening.  The problem with such security policies is that, at some point, they will fail because people are terrible at being consistent.

Had laptop encryption been used to secure the information on the machine, which is an infinitely more reliable way of protecting digital information, WHRA would be in better position.  

This is not to say that whatever policies I imagine they currently have are worthless.  Far from it, they're required for a number of reasons, including the need to protect equipment from theft, or preventing physical altercations.  However, because more can be done for data security – namely, the use of encryption – and because of the importance visited on it, security shouldn't just stop at physical and behavioral policies.

Related Articles and Sites:
http://globalnews.ca/news/1572710/stolen-laptop-contained-info-on-hundreds-of-patients/
https://oplfrpd5.cmpa-acpm.ca/-/protecting-patient-health-information-in-electronic-records
 
<Previous Next>

HIPAA Encryption: Burglars Break Through Metal Doors To Steal Laptop

Encryption Software: Less Than 1% Of Breached Records Encrypted

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.