620,000 reasons to encrypt

I’ve talked about it before and as an organization we’re constantly trying to tell people and organizations that encryption should be the first line of defense for data on portable devices such as laptops. And yet again, we’re seeing a huge data breach in Canada, this time in Alberta, due to a laptop being stolen and not being encrypted.

Yesterday it was announced that Medicentres Family Health Care Clinics in Alberta lost a laptop containing the Personal Health Information (PHI) of 620,000 Albertans. It’s a staggering number. However, the more staggering details around this breach are three-fold:

  1. The data was given to an IT consultant ‘working on an app’ that needed large amounts of data to test the app. The odds that consultant should have had access to those records are likely very low.
  2. The laptop with that data wasn’t secured or encrypted to prevent illegal access to the data.
  3. This breach happened in September 2013 and is only coming to light now – nearly 4 months after the fact

It’s hard to believe these things keep happening in the Great White North given recent fiasco involving Human Resources and Skills Development Canada. There’s really no excuse these days for breaches of this scale and there’s lot’s that could be done to prevent these things from happening.

This current breach in Alberta happened because there weren’t proper checks and balances in place. The PHI wasn’t handled properly by the organization and the consultant and it should never have been shared. The organization either did not have encryption in place or did not mandate it on the consultant’s laptop.

Now there are more questions than answers and over 600,000 people have to worry about their PHI floating out there for anyone to see (potentially). It’s a scary proposition and it’s clear the Alberta Government is taking this seriously. It’s unclear what repercussions Medicentres will face, but in looking at the brand damage, likely patient legal recourse and other things – it’s going to be an expensive mistake.

It’s a mistake that could’ve been prevented with data encryption software that would have cost a fraction of what they’ll have to pay for damage control and other potential penalties.

Previous Post
Trusted Computing Group Opal vs Enterprise SEDs
Next Post
Put On Your Thinking Cap

Related Posts

The PC is dead, long live the PC

There’s nothing like being melodramatic at the beginning of the week. Today Gartner Inc. released the latest worldwide PC shipment numbers and it looks like things are declining. Gartner is attributing much of this decline to a shift to Tablet…
Read more

Protect and Partner Up

There have been many high profile breaches in 2014: Home Depot, Target, and the most recent, Sony Pictures Entertainment. These breaches clearly illustrate that there is much work to be done across all business sizes. (more…)
Read more

The Need for Speed

Is software encryption on a notebook with a Solid State Drive (SSD) a non-starter due to performance concerns? This is a good question and I have heard it asked by some pretty smart people recently. (more…)

Nothing a patch can’t fix

Historically, when we’ve had to make updates to SecureDoc we’ve issued Service Releases (SRs) to address minor bug fixes, software update and feature additions. SRs enabled us to ensure continued compatibility with things such as Mac OS X updates. (more…)
Read more

Leave a Reply

Your email address will not be published.

Fill out this field
Fill out this field
Please enter a valid email address.

Menu
Contact Us

This will close in 15 seconds