620,000 reasons to encrypt

I’ve talked about it before and as an organization we’re constantly trying to tell people and organizations that encryption should be the first line of defense for data on portable devices such as laptops. And yet again, we’re seeing a huge data breach in Canada, this time in Alberta, due to a laptop being stolen and not being encrypted.

Yesterday it was announced that Medicentres Family Health Care Clinics in Alberta lost a laptop containing the Personal Health Information (PHI) of 620,000 Albertans. It’s a staggering number. However, the more staggering details around this breach are three-fold:

  1. The data was given to an IT consultant ‘working on an app’ that needed large amounts of data to test the app. The odds that consultant should have had access to those records are likely very low.
  2. The laptop with that data wasn’t secured or encrypted to prevent illegal access to the data.
  3. This breach happened in September 2013 and is only coming to light now – nearly 4 months after the fact

It’s hard to believe these things keep happening in the Great White North given recent fiasco involving Human Resources and Skills Development Canada. There’s really no excuse these days for breaches of this scale and there’s lot’s that could be done to prevent these things from happening.

This current breach in Alberta happened because there weren’t proper checks and balances in place. The PHI wasn’t handled properly by the organization and the consultant and it should never have been shared. The organization either did not have encryption in place or did not mandate it on the consultant’s laptop.

Now there are more questions than answers and over 600,000 people have to worry about their PHI floating out there for anyone to see (potentially). It’s a scary proposition and it’s clear the Alberta Government is taking this seriously. It’s unclear what repercussions Medicentres will face, but in looking at the brand damage, likely patient legal recourse and other things – it’s going to be an expensive mistake.

It’s a mistake that could’ve been prevented with data encryption software that would have cost a fraction of what they’ll have to pay for damage control and other potential penalties.

Previous Post
Trusted Computing Group Opal vs Enterprise SEDs
Next Post
Put On Your Thinking Cap

Related Posts

Exiting out the backdoor

In late December it was revealed that RSA allegedly implemented flawed encryption technology to enable an NSA back door into its tokens. As a result of this, a few key speakers at this year’s RSA 2014 conference are backing out of…
When virtual environments get too heavy

When Virtual Environments Get Too Heavy

As an encryption security vendor that is working its way into Mobile Device Management (MDM), I’m fascinated and constantly looking at new ways to secure mobile devices and company information. As someone with a background in virtualized environments, I’m even…
Read more

Another Brand, Another Breach

In what is beginning to appear as a weekly occurrence, another major retailer has announced they have been a victim of a data breach. Late last week, Sears-owned discount department store Kmart, quietly announced via a Securities and Exchange Commission…
Read more

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.

Menu
Contact Us

This will close in 0 seconds