Montefiore Medical Center has announced two incidents of computer theft. It was revealed that password-protection was used in both cases, but whether disk encryption was present was not mentioned. The latter provides security; the former not so much.
There were two burglaries, affecting five computers in total. In the first, two desktop computers were stolen from the finance department around May 22. Patient names, medical records numbers, and, in some cases, SSNs, dates of birth, and insurer information was included.
In the second, three desktop computers were stolen around June 9 from Montefiore’s School Health Program administrative offices. They included student names, dates of birth, medical record numbers, guardian contact numbers, and whether the student has a SSN (not the actual SSN itself, but whether a student actually has one).
As mentioned before, all computers were password-protected. However, as I’ve covered before, password-protection doesn’t provide protection. It really doesn’t live up to its name.
Instead, there should have been encryption software like AlertBoot installed on those machines if data protection was paramount.
Desktop Encryption is as Important as Laptop Encryption
Much has been said about the lack of encryption when it comes to sensitive data on laptop computers. But people are very silent when it comes to desktop computers with sensitive information.
I mean, desktops can be stolen, too. Try and show me a desktop computer that’s not portable, in sense that it cannot be carried. You can’t because such a thing does not exist. While desktop computers were not designed for ease of portability, it’s also true that they weren’t designed not to be portable. Most people can lift one, especially if computer monitors are not involved. How do you think the UPS guy brings a Dell computer up to your porch?
The form of the computer does not mean better data security. And yet, people act as if it does.
That’s not to say there isn’t security in shape and weight: gold bullion kept by banks, for example, is heavy by design. They could make each ingot lighter by making them smaller, and allow for easier transportation. But then, thieves could easily transport them, too.
So, ingots are kept heavy on purpose, requiring two well-exercised arms to lift them. Also, running with 24 extra pounds on your body doesn’t quite allow for a successful escape.
Desktop computers were not designed with such physical security in mind. They’re actually designed to be as small and lightweight as possible while meeting performance standards. The fact that they’re heavier and more cumbersome than laptops doesn’t mean more security; it just means they’re heavier and more cumbersome.
If you have any information that you need to protect on your computers, be they laptops or otherwise, full disk encryption is something you have to seriously consider.
Related Articles and Sites: