Data Encryption Software: Detroit Medical Data Breach Affects 10,000.

Sensitive, personal information that does not appear to be protected with encryption software like AlertBoot has been stolen from the Detroit Department of Health and Wellness Promotion on two separate occasions.


One involves a USB memory stick; the other involves a break-in where desktops computers were stolen from a health complex.  A total of 10,000 people are reportedly affected, although it appears that only 5,000 breach notification letters were sent out (some accounts claim only 2,700 were sent).


USB Flashdrive Stolen From Car



In late October, a flashdrive containing the information on newly-born was stolen during a car break-in.  A health department employee had copied the information to the USB stick because “information was being transferred between computers at work.”


It affects birth certificate information for residents in the 48202 and 48205 zip code areas, and specifically includes “mother’s health conditions and names, father’s names, addresses, Medicaid numbers and Social Security numbers.”


There are no details on how many were affected.


In this instance, the use of USB encryption software would have been extremely useful.  The entire USB stick is encrypted beforehand, and any files saved to it are automatically protected.


Five Desktops Stolen From Herman Kiefer Health Complex



In a separate incident in November, someone broke into the Herman Kiefer Health Complex immunization program office during Thanksgiving.


Five desktop computers were stolen, one of which contained Medicare and Medicaid billing information for people who had received the seasonal flu vaccine (not H1N1, I take it).  Names, addresses, and Social Security numbers were included.


In this case, full disk encryption (FDE) would have been ideal.  Just like the USB encryption software I mentioned above, FDE is used to protect a computer’s hard drive (its data storage space) beforehand.  After that process, any files saved on the computer are automatically protected.


The same technology is used in laptop encryption.  For understandable reasons, though, it’s not used on desktop computers: people take comfort in the heft and size of desktops, as if somehow that’ll provide data security.


Let’s face it, though: it didn’t take heavy-duty machinery to put that desktop computer in place, and it’s not going to take heavy-duty machinery to take it away.  A guy with an arm or two is all that it takes…



Related Articles and Sites:
http://www.clickondetroit.com/news/21973152/detail.html
http://www.freep.com/article/20091216/NEWS01/912160308/1322/Detroit-medical-data-stolen-after-2-security-breaches
http://www.wwj.com/Medical-Records-Stolen/5906818
http://www.detnews.com/article/20091216/METRO01/912160340/1409/METRO/Detroit-Police-probe-stolen-medical-records



Comments (0)


Let us know what you think