The Methodist Hospital in Houston, Texas has alerted nearly 700 people that their medical information was compromised when a laptop computer was stolen. Hard disk encryption was not used to secure the information, it appears, based on what I’m reading.
SSNs and Medical Information Stored On Laptop
According to reports, the computer was “attached to a medical device that tests pulmonary function.” I take it to mean that it was recording information while hooked up to various medical testing devices.
(You know what I’m talking about if you’ve ever seen one of those Gatorade ads where a sports star is hooked up to a myriad of wires in a lab and running on a treadmill. You know, right before they splash their drink all over their faces. You’d think these guys would have better eye-hand coordination….)
Anyhow, aside from data relating to lung capacities, Social Security numbers were included as well. I can’t think of any reason for the inclusion of the SSN except as an identifier (you know, to differentiate between Bob Smith and Bob Smith).
Serve It Up From A Server?
One of the sites that covered the story, www.chron.com, has a modestly active comments section. There are people saying that the information should have been stored on a secure central server.
I beg to disagree. As one commenter noted, clinical software is specialized and requires “local data.” Think of it this way: there’s no way for you to save “on a server” a memo you’re writing up on Microsoft’s WordPad. Technically, you could go with a “virtual environment” to achieve it, but the costs and complexity would probably be too much.
Besides, what if the application has to be used in an environment where a communications network (internet, LAN, etc.) is not available?
A better method would be installing encryption software like AlertBoot on the laptop. This way, the information on the laptop is protected if the device is stolen, while authorized users can still access it easily.