I’ve talked about data breaches due to a lost laptop before. They’re common, painful and usually generate horrible publicity. It continues to be alarming how many of these devices that are lost continue to be unencrypted. Looking around lately, there’s a very disturbing trend – healthcare professionals are losing devices left, right and center.
Here are some examples of what I’m talking about:
Breach of patient health and personal information
Surgeon’s stolen laptop stored patient’s’ records
DSHS contractor’s laptop stolen in Gig Harbor; identity theft possible risk
Glens Falls Hospital alerts patients of possible information breach
Medicaid contractor loses provider’s personal information
Laptop theft compromises Packard hospital information
Utah’s Medicaid loses control of patient records, again
Seven. That’s the number of healthcare related data breaches that have been made public this year. Of these, six were directly related to the loss of a laptop or storage device that contained patient or customer data that wasn’t encrypted.
It’s frightening. Next to typical Government agencies, healthcare and healthcare-related organizations contain some of the most personal and sensitive personal information. In this day and age, there really is no excuse for these types of lapses in security.
The other scary part is that many of these reports say it was a ‘password protected’ laptop that was stolen or lost. This is the equivalent of filing a police report for a home break-in and saying that you locked the front door, but left the back door open which is why thieves managed to get into your house. If you had an alarm system, this could have been avoided. OS passwords are not enough to protect data.
I feel like a broken record, but the best protection against data exposure on lost or stolen devices is data encryption. The cost of an FDE solution far outweighs the risks involved and healthcare related organizations should be the most vigilant in protecting patient privacy.
*NOTE: Many of these crazy stories above were sourced via SC Magazine and their great Data Breach Blog.