620,000 reasons to encrypt

I’ve talked about it before and as an organization we’re constantly trying to tell people and organizations that encryption should be the first line of defense for data on portable devices such as laptops. And yet again, we’re seeing a huge data breach in Canada, this time in Alberta, due to a laptop being stolen and not being encrypted.

Yesterday it was announced that Medicentres Family Health Care Clinics in Alberta lost a laptop containing the Personal Health Information (PHI) of 620,000 Albertans. It’s a staggering number. However, the more staggering details around this breach are three-fold:

  1. The data was given to an IT consultant ‘working on an app’ that needed large amounts of data to test the app. The odds that consultant should have had access to those records are likely very low.
  2. The laptop with that data wasn’t secured or encrypted to prevent illegal access to the data.
  3. This breach happened in September 2013 and is only coming to light now – nearly 4 months after the fact

It’s hard to believe these things keep happening in the Great White North given recent fiasco involving Human Resources and Skills Development Canada. There’s really no excuse these days for breaches of this scale and there’s lot’s that could be done to prevent these things from happening.

This current breach in Alberta happened because there weren’t proper checks and balances in place. The PHI wasn’t handled properly by the organization and the consultant and it should never have been shared. The organization either did not have encryption in place or did not mandate it on the consultant’s laptop.

Now there are more questions than answers and over 600,000 people have to worry about their PHI floating out there for anyone to see (potentially). It’s a scary proposition and it’s clear the Alberta Government is taking this seriously. It’s unclear what repercussions Medicentres will face, but in looking at the brand damage, likely patient legal recourse and other things – it’s going to be an expensive mistake.

It’s a mistake that could’ve been prevented with data encryption software that would have cost a fraction of what they’ll have to pay for damage control and other potential penalties.

Previous Post
Trusted Computing Group Opal vs Enterprise SEDs
Next Post
Put On Your Thinking Cap

Related Posts

Encryption only works if you use it

Once again there’s been a device theft that has left the personal health info (PHI) of 11,000 patients out in the open because the device was unencrypted. But when you look deeper into the problem, the organization did actually have…

Here, there, everywhere

It’s a busy month for events as we’re a week away from U.S. Thanksgiving. This week we find our folks in a couple different places at once talking to financial services organizations in Arizona and to IT security focused organizations…
Read more

Risk Mitigation

When I attended the Gartner Security & Risk Management summit a couple of weeks ago, I attended a session about Encryption Planning Made Simple. It was a good look at some of the issues facing organizations today and the barriers…
Read more

Yahoo! Security!

It’s always fun to come up with headlines around a brand that has an exclamation point as part of their name, but I digress. What this is really about is Yahoo!’s recent announcement that they’re going to start to encrypt…
Read more

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.

Menu