Full Disk Encryption Can’t Help You If You Don’t Have it. Paying Attention Also Helps.

A computer was stolen from the General Internal Medicine of Lancaster offices, a medical practice in East Hempfield Township, Pennsylvania.  The computer, a laptop, contained names, addresses, telephone numbers, and Social Security numbers of many—not all—patients.


The laptop computer was being used as something of a file database.  According to the practice manager, they were in the process of scanning paperwork, required for insurance purposes, and storing the image in the laptop.  The paperwork would eventually be burned.  Ultimately, the digital records would go on disks.


The laptop was stolen when an employee briefly left the scanning area.  When the employee returned, the laptop was missing.  No word on whether there was laptop encryption on the stolen computer.


Could full disk encryption have helped in this case?  Not in preventing theft, of course, but ensuring that the theft doesn’t result in a data breach?  Perhaps.  The story that I’ve read implies the computer was stolen while scanning was in progress.  If this is the case, the laptop was turned on.  Now, if a thief stole a laptop in that state, there is not much that full disk encryption can do for this medical practice, unless the thief turns off the laptop at some point, especially before he decides to copy data.


Full disk encryption is like a strong box for digital information.  The moment you open this strong box (that is, provide the passwords for decrypting the protected information), the contents remain vulnerable until you decide to close the strong box (turn off your computer).  So, assuming that the thief stole the laptop while it was turned on, he’s essentially stolen a strong box with its door unlocked.  There is no protection in that case.


However, this does not mean that computers that are up and running are impossible to secure.  You can also use a different type of encryption, commonly called file encryption to secure data.  This differs from hard drive encryption in that the file themselves are encrypted.  So, if we can compare full disk encryption to a strong box, file encryption would be like top secret documents written in special a special language.


And, you don’t have to choose one over the other.  Many encryption products offer both.  AlertBoot, for example, features both laptop encryption and file encryption.  Using both, one can dramatically minimize the risks of leaking sensitive information.  Of course, it would be best if a person who’s in the process of scanning documents don’t leave those documents unattended.

Comments (0)

Let us know what you think