Broomfield Hospital in the UK has alerted 2,000 patients that their confidential information was saved on a laptop computer that was stolen. The good news is that full disk encryption, similar to what AlertBoot offers, was used to secure the contents. The bad news? I don’t think people involved understand what encryption is and what it can do.
Too Little, Too Late? Really?
According to chelmsfordweeklynews.co.uk, when informed of the theft, Michael Summers at the Patients’ Association claimed it was “too little, too late…[adding] it is a real worry for patients and it is happening on a regular basis. I am very concerned. The NHS has not managed to secure patients’ records.”
Uh, what? Too little, too late? Let me tell you what’s too little, too late: it’s those companies and agencies out there that start their encryption process after sensitive data gets stolen because they assume that their physical security is foolproof…until events prove otherwise. It appears that Mr. Summers is making the same assumption, that physical security can be absolute.
And yet, we only have to refer back to history (modern or otherwise) to see that physical security is always a little lacking.
I’d say the hospital did itself and its patients a huge service by going ahead and encrypting their computers, as required by the data protection laws in the UK. Despite the fact that the laptop is missing, chances are the patient data on it will not be accessed.
Further proof that that hospital knows what it’s doing: none of the data is missing, since it was backed up to a computer. A secure one.
How Does Encryption Software Help?
Encryption software works by scrambling data. In order to unscramble it–so it makes sense to people–the correct password is required. Despite the simple explanation, cracking encryption is not a simple process.
It’s why government agencies across the world use encryption to secure their communications. And, what’s good enough to secure sensitive top secret and classified information should be more than adequate at protecting something like patient data.
I certainly don’t mean to imply that such data is trivial. On the other hand, revealing to the world that I’ve got, say, Hep A doesn’t put the world at the brink of war. So, if encryption can prevent city-states from pointing missiles at each other, well, it certainly can protect people’s medical conditions from being revealed.
Related Articles and Sites: