in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Medical Laptop Disk Encryption: Valley Community Healthcare Reports Stolen (Unencrypted) Laptop

One of the worst US states in which to have a data breach, especially a medical data breach, is probably California: in addition to federal HIPAA regulations, California has shown itself to be quite aggressive when dealing with medical entities that experience a data breach.  Indeed, there's some (valid) criticism that the CA Dept. of Public Health is a bit more heavy-handed than its federal counterpart.  So, it always catches me by surprise when I see a California health organization filing a data breach notification and admitting to the lack of disk encryption on its stolen laptops.

Stolen EKG Laptop

Valley Community Healthcare (VCH), according to databreaches.net, has filed a breach notification letter with the Office of the Attorney General (California).  In the letter, the organization divulges that a laptop computer that was used in conjunction with an EKG machine was stolen.  This was discovered on February 24.

The machine contained names and dates of birth but no SSNs, driver's license numbers, ID card numbers, or financial data (that last one, if it were present, would be quite surprising; why would you load financial details on an EKG machine?).  The machine was "secured" with password-protection but did not make use of medical laptop data encryption solutions like AlertBoot.

The importance of encrypting laptops that contain sensitive data can hardly be overstated.  This is especially true when it comes to medical data because the government, at the state and federal level, take data breaches very seriously: increasing financial penalties as well as other forms of censure (biannual reports on the state of IT security; unannounced audits; etc) are evidence to the greater importance placed on personal medical data security.

Additional Security Measures

Possibly as a reflection of this, VCH has also promised to "additional security measures, including IT encryption and storage of medical databases, and securing computers so that they cannot be removed."

While such an action is to be welcomed, the truth is that it's quite disappointing.  Why do it after you've experienced a data breach?  Why not do it before it happens?  It's like promising to always wear a seatbelt after you've been in a near fatal accident.

Related Articles and Sites:
https://oag.ca.gov/system/files/Valley%20Community%20Breach%20Letter%2003-2015%20SRR%20Revised_0.pdf?
http://www.databreaches.net/valley-community-healthcare-notifies-patients-after-laptop-with-their-information-was-stolen/
 
<Previous Next>

Medical Laptop Encryption: Michael Schumacher's Doctor's Offices Burglarized

HIPAA Laptop Encryption: Amedisys Notifies Of Possible Data Breach Of Encrypted Devices

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.