- Jun 9, 2013
- 6,720
They may have won the NFC East division last year, but the Washington Redskins really need to get their heads in the game. The security game, that is.
A trainer’s laptop has been stolen, containing thousands of records for the NFL team’s players going back 13 years, all containing password-protected, but unencrypted, medical data.
The situation is, alas, not uncommon; the theft of laptops containing unencrypted medical records is an ongoing problem and one of the top categories of HIPAA disclosures to the US Department of Human Health and Services.
"It seems almost inevitable that if you put unencrypted confidential data on a laptop it will be stolen,” Tim McElwee, president of Proficio, told Infosecurity. “The solution is simple—stop doing this."
At the very least, if one must do this, then it’s important to follow best practices of encrypting all sensitive personal data as it enters a system, at rest, in use and in motion.
"This incident clearly indicates how important it is to encrypt data at rest, especially when mobile devices (laptop, tablets, phones) are involved,” Giovanni Vigna, Lastline CTO and co-founder said via email. “Password protection can prevent the occasional onlooker from accessing the data, but if a disk can be removed or a whole device stolen, only disk encryption can protect the data."
Full Article. Stolen Washington Redskins Laptop Had Thousands of Medical Records
A trainer’s laptop has been stolen, containing thousands of records for the NFL team’s players going back 13 years, all containing password-protected, but unencrypted, medical data.
The situation is, alas, not uncommon; the theft of laptops containing unencrypted medical records is an ongoing problem and one of the top categories of HIPAA disclosures to the US Department of Human Health and Services.
"It seems almost inevitable that if you put unencrypted confidential data on a laptop it will be stolen,” Tim McElwee, president of Proficio, told Infosecurity. “The solution is simple—stop doing this."
At the very least, if one must do this, then it’s important to follow best practices of encrypting all sensitive personal data as it enters a system, at rest, in use and in motion.
"This incident clearly indicates how important it is to encrypt data at rest, especially when mobile devices (laptop, tablets, phones) are involved,” Giovanni Vigna, Lastline CTO and co-founder said via email. “Password protection can prevent the occasional onlooker from accessing the data, but if a disk can be removed or a whole device stolen, only disk encryption can protect the data."
Full Article. Stolen Washington Redskins Laptop Had Thousands of Medical Records
