6,000 current and former employees at Sutter Health in Sacramento are being notified that they should keep an eye on their credit reports. The warning stems from a surprise laptop data breach which looks to be contained. Had a data security measure like laptop encryption software been used, the entire incident could have been avoided. Nevertheless, Sutter should be counting its blessings.
Repair Shop Contacts Sutter Health
Sutter Health officials only learned of the data breach when a computer repair service called them last month regarding a laptop computer. While there aren’t enough details in the media as of yet, it looks like the computer was brought in for repairs, and in that process, the technicians found a file with sensitive information–SSNs and names, at least–and contacted Sutter.
Sutter officials did not realize that the laptop was out and about. According to an article at cbs13.com, it was believed that the laptop in question was still in possession of the employee who had been issued this computer back in 2007.
It is not known who brought in the laptop for repairs, or what prompted the technicians to call up Sutter…which is pretty weird. I mean, if a Sutter employee brings in a Sutter computer for repairs, what’s so unusual about that? So, the actions on the part of the technicians seems to imply that something was fishy about the entire affair.
Sutter Health’s computer technicians (not the repair guys) checked out the hard drive, and found that it was not accessed by anyone since 2007 (except for the guys who called in), according to cbs13.com.
The thing was issued back in 2007, it was unaccessed since 2007, and it only surfaced about a month ago? Plus, Sutter didn’t realize the laptop was missing, so the employee who had been issued the computer either a) only used the computer for a very short time since it was issued and lost it quite recently or b) lost it over one year ago and never reported it (nor was he required to produce it as part of a regular inventory checkup).
There is also the possibility that the employee is being the fall guy: he could have returned the laptop in question, but the company lost track of it and ended up somewhere–like eBay.
Regardless, it makes management look quite unfit (at least, as far as data security is concerned). But, that doesn’t mean that management is incompetent. Since the breach, Sutter is quite belatedly starting to use encryption software on all laptop computers. Employees are also being told not to save files locally, on hard drives, but on network drives that can be monitored and secured by the company.
Furthermore, old computers will be kept track of when disposed, so that data breaches can’t happen at the end of a computer’s life.
Using Encryption Software to Secure Data
The use of encryption is very important when it comes to digital data, since these can be easily copied, transferred, and made publicly available (a fact that anyone in the media industry can readily attest to).
So, how does encryption protect said data? Basically, encryption software like AlertBoot will take your original data–composed of 1’s and 0’s–and scramble them up, in a logical fashion. Of course, it’s a little more complicated than that, but that’s the gist of the matter.
And don’t let the simplicity fool you: encrypted data using strong encryption is so powerful that the ability to hack it is measured in geologic terms (eons, really).
Related Articles and Sites: