620,000 reasons to encrypt

I’ve talked about it before and as an organization we’re constantly trying to tell people and organizations that encryption should be the first line of defense for data on portable devices such as laptops. And yet again, we’re seeing a huge data breach in Canada, this time in Alberta, due to a laptop being stolen and not being encrypted.

Yesterday it was announced that Medicentres Family Health Care Clinics in Alberta lost a laptop containing the Personal Health Information (PHI) of 620,000 Albertans. It’s a staggering number. However, the more staggering details around this breach are three-fold:

  1. The data was given to an IT consultant ‘working on an app’ that needed large amounts of data to test the app. The odds that consultant should have had access to those records are likely very low.
  2. The laptop with that data wasn’t secured or encrypted to prevent illegal access to the data.
  3. This breach happened in September 2013 and is only coming to light now – nearly 4 months after the fact

It’s hard to believe these things keep happening in the Great White North given recent fiasco involving Human Resources and Skills Development Canada. There’s really no excuse these days for breaches of this scale and there’s lot’s that could be done to prevent these things from happening.

This current breach in Alberta happened because there weren’t proper checks and balances in place. The PHI wasn’t handled properly by the organization and the consultant and it should never have been shared. The organization either did not have encryption in place or did not mandate it on the consultant’s laptop.

Now there are more questions than answers and over 600,000 people have to worry about their PHI floating out there for anyone to see (potentially). It’s a scary proposition and it’s clear the Alberta Government is taking this seriously. It’s unclear what repercussions Medicentres will face, but in looking at the brand damage, likely patient legal recourse and other things – it’s going to be an expensive mistake.

It’s a mistake that could’ve been prevented with data encryption software that would have cost a fraction of what they’ll have to pay for damage control and other potential penalties.

Previous Post
Trusted Computing Group Opal vs Enterprise SEDs
Next Post
Put On Your Thinking Cap

Related Posts

SecureDoc Updates Are Here!

Back at RSA in February we started talking about updates and enhancements that would be coming to SecureDoc in the spring. And spring has sprung, with it, so has the latest version of SecureDoc! (more…)
Read more

Assessing Security & Risk

This week I’ve been in National Harbor, MD attending the Gartner Security & Risk Management Summit. As a newcomer to this event, it’s been a whirlwind few days delivering excellent content and insights into key market trends and customer needs.…
Read more

Security Measures to Think About

Everyone is weary of hackers and the damages that they can cause, as seen with the Heartbleed Bug and Shellshock Bash. But hacking attacks can also mean physical security breaches, as hackers do not always have to resort to intricate…

Constant Improvement

Late last year we introduced SecureDoc 6.1 and introduced a whole host of new features including MDM, FileVault 2 management capabilities, a Web-based console and more. As with any new release there are kinks that can be worked out and…

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.

Menu