While many will make the case for laptop encryption, most fall silent when it comes to protecting desktop computers with the same technology. However, as Loma Linda University’s Dental School shows, comparatively massive computers need protective software as well–especially if they contain sensitive information.
Three Desktops Stolen, Over 10,000 Affected
Three computers were stolen on the weekend of June 12 from Loma Linda University’s Dental School. The computers contained names, SSNs, dates of birth, and “other health and personal information” according to a university spokesperson quoted at pe.com of 10,100 people.
Two people were arrested last month (technically, 13 days ago), so it makes sense that we’re only hearing of the situation now: data breach notifications can be delayed if law enforcement believes a public announcement will interfere with an investigation.
Arrest No Guarantee of Data Security
The two suspects supposedly said that they “were unable to crack password firewalls.” What does that even mean? (And more importantly, were the two telling the truth?)
Whatever it does mean, I’d wager it doesn’t refer to encryption software like AlertBoot. The use of this data protection measure grants safe harbor from sending out breach notifications per California law (where Loma Linda University is located) as well as by the HHS (I assume the Dental School has to comply with HIPAA breach notification rules), something that Loma Linda U has decided not to take advantage of.
However, seeing that the thieves had erased the computer memory–i.e., wiped the hard disk–it’s pretty clear that they knew a thing or two about computers. Whether they’d be able to “crack password firewalls” is up in the air. However, anyone who can format a hard drive has pretty much the required skills to attempt bypassing the most rudimentary security measures (such as password-protection on boot up).
Desktop Encryption Strongly Recommended If Sensitive Data Stored
I’ve been arguing for the use of encryption on desktop computers for a while now. I realize that desktop computers are not the most portable of devices; however, they’re not exactly hard for people to move, either. Especially when it comes to some of the lower-cost machines that are similar in size to a college dictionary.
It only makes sense that, if you have a machine that’s frequently used for processing or storing sensitive information, and that it’s loss could trigger an expensive data breach, you must protect it. That is regardless of what the form factor happens to be: laptop, desktop, netbook, external hard drive, portable USB memory stick, etc.
Related Articles and Sites: