Healthcare Data Breach Cost: California Fines Hospital $250,000 For Late Disclosure Of Breach (Updated).

Update (09 SEP 2010): The above title originally read “for non-disclosure of breach.”  Corrected to “late disclosure.”  Lucile Salter Packard Children’s Hospital at Stanford University was fined $250,000 for not promptly reporting a data breach to the state of California.  The story shows that preventing data breaches (in this case, using hard disk encryption software like […] read more

Data Security Programs: E-Mail Addresses Are Not As Benign A Data As They Appear.

When I cover data breach stories, sometimes the breached data appears benign on the surface.  For example, a bunch of e-mail addresses are stolen.  Now, most would argue that this is not personal information (I would readily agree) and that they don’t really need to be protected.  I myself feel divided over whether laptop encryption […] read more

Data Encryption Software: South Shore Hospital Update.

A couple of months back, South Shore Hospital had announced the breach of patient information for 800,000 people.  At the time, I had wondered whether data encryption like AlertBoot had been used to protect the data.  Seeing how it involved close to a million people, the use of encryption software would have been advisable. Data […] read more

Disk Encryption Software: Not Used in CUNY Breach Affecting 7,000.

A desktop computer containing the personal information of 7,000 City College of New York students was stolen about three weeks ago.  The computer was not protected with drive encryption software like AlertBoot, which could mean the difference between a non-event and a full-blown crisis down the line. Password-Protection Used, Probably Worthless If Motive Was Data […] read more

Data Breach Costs: Standard Breach Notification Bylines Deceptive Acts Or Practices?.

Data Protection Involves More Than Digital Tools Like Disk Encryption Software A couple of months back, I observed that a pretty-standard clause used by Rite Aid Pharmacies had caused them trouble with the FTC.  Actually, it’s unfair to say that, since Rite Aid erred to begin with: employees dumped sensitive documents, knowing fully (or, at […] read more

Email Encryption Software: ASU Staff And Faculty In Breach.

Arkansas State University (ASU) employees, full and part time, had their SSNs and other personal information breached when an e-mail was sent to the wrong people.  It looks like data encryption software was not used to safeguard the contents. 2,484 Faculty and Staff Affected An e-mail containing the names, Social Security numbers, and driver’s license […] read more

Email Encryption Software: Kinetic Concepts Inadvertently E-mails Attachment, Has Breach.

Employees of Kinetic Concepts (KCI ) have suffered a data breach when an email containing the wrong attachment was sent to…them.  There are certain things that e-mail encryption can do protect a company from data breaches.  This particular case is not one of them.  A better option might have been the use of encryption for […] read more

Full Disk Encryption: University of Rochester Medical Center Notifies 837 Of Lost Flash Drive.

University of Rochester Medical Center (URMC) has notified 837 people that their medical information may have been compromised when a USB memory stick went missing.  Disk encryption software was not used to secure the contents of the flash drive. Not All Affected The USB disk belonged to a surgeon who used it to save information […] read more