Establishing Digital Trust: Don't Sacrifice Security for Convenience
Several thefts of unencrypted laptops and hard drives recently exposed a significant number of people's personal information.
The Boston Baskin Cancer Foundation recently acknowledged that 56,694 patients' and employees' personal information may have been exposed when an unencrypted external hard drive was stolen from an employee's home on December 2, 2014 (h/t DataBreaches.net).
The drive contained patient demographic information, birthdates, Social Security numbers, phone numbers and first and last dates of clinic visits for patients seen between 2008 and July 2014. For employees, the drive held titles, office locations, Social Security numbers, birthdates, pay rates, and dates of employment.
While the employee had official permission to take the unencrypted drive home, patients told WREG they felt that policy should be reexamined following the breach.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
And behavioral and mental health nonprofit Aspire Indiana recently acknowledged that clients' and employees' personal information may have been exposed when "several laptops" were stolen from its administrative offices in Noblesville, Indiana on November 7, 2014 (h/t Healthcare IT News).
The data potentially exposed on the laptops includes the names, addresses and Social Security numbers of employees and a limited number of clients, along with clients' medical records numbers and limited personal health information.
In total, 45,030 people's personal information may have been exposed, including the Social Security numbers of 1,548 people. All those potentially affected are being offered free access to identity protection services from ID Experts.
"Our organization is committed to maintaining the privacy and security of the personal information in our control, and we sincerely regret this incident occurred," Aspire president and CEO Rich DeHaven said in a statement [PDF]. "We have taken steps to enhance our security, including upgrading our alarm and security systems."
Unfortunately, DeHaven didn't say whether those upgrades will include encryption of all laptops and mobile devices.
There's one piece of good news in the world of laptop security -- The Tampa Tribune reports that no data breach appears to have resulted from the theft of five laptops from U.S. Central Command (CENTCOM) in April 2013 (h/t DataBreaches.net).
"There is no indication of a data breach at this point," U.S. Attorney's Office spokesman William Daniels told the Tribune. "As cases proceed, we always remain open to new information and evidence. However, at this point, the indictment only alleges theft of government computers."
Former civilian CENTCOM employee Scott Duty, 48, of Riverview, Florida, was recently arrested in connection with the theft of the laptops.
According to the latest findings of Gemalto's Breach Level Index, more than 1,500 data breaches worldwide led to one billion data records compromised in 2014. Secure breaches, in which the compromised data was encrypted, made up 4 percent of all breaches in 2014, up from 1 percent in 2013.
With any luck, that percentage will continue to increase each year as more companies become aware of the importance of encryption.