Portable Hard Drive Encryption: Protecting Medical Data On External Drives.

Bad news coming from our friends in Canada: according to edmontonjournal.com, a portable hard drive was stolen from Dr. R. Burnham and Associates Medical Clinic, triggering a breach of 1,000 patients.  The external hard disk drive was “protected” with password-protection but not with full disk encryption like AlertBoot.

  • Alberta Health Services’ Central Alberta Pain and Rehabilitation Institute

  • Portable Hard Drive Encryption: An Extension of Computer Encryption

Alberta Health Services’ Central Alberta Pain and Rehabilitation Institute

The portable drive was a backup medium containing Alberta Health Services’ Central Alberta Pain and Rehabilitation Institute client records.  These included names, dates of birth, addresses, health care numbers, and prescription information.  The breach took place between May 6 and May 8.

While the AHS went public with the breach details, it has noted that the device actually belonged to the Dr. Burnham clinic.  I’m not as familiar with Canadian patient privacy laws, but if they’re anything like what we have in the US, AHS is still responsible even if a third party breached the data.

The Information and Privacy Commissioner’s office has noted that they “have said time and time again that kind of information must be encrypted, that it should be the standard.”

It really should be standard.  Password-protection is bad security, and it cannot be a match for encryption software.  Which is why:

AHS is now “working proactively” with the clinic to make sure its systems are encrypted and “in line with AHS policies.”

Who knows how many more stolen disks and laptops AHS will have in the future?  Ensuring that past weaknesses are not exploited is a big part of increasing one’s security, so AHS should be applauded for what they’re doing.  On the other hand, that won’t stop people from commenting that it’s a little too late, at least for this round of clients.

Portable Hard Drive Encryption: An Extension of Computer Encryption

If you’re looking to protect the contents of your portable drive, which you use as a backup, you ought to be thinking about encryption software.  But, if you’re thinking of protecting the contents of only a portable drive, then you must be coo-coo.  What about your actual computer?  Doesn’t it hold the same data?  In most cases, it does.  What makes you think that your portable drive will go missing but your laptop won’t?  Heck, desktop computers getting stolen is not unheard of.

This disconnect makes even less sense when you consider that the full disk encryption used to protect portable drives is also the same encryption used for desktop and laptop computers.  The reason?  The hard drives within all three devices are the same.

In fact, a managed encryption service like AlertBoot takes advantage of this fact to offer disk encryption for computers and other peripherals in one integrated package: if you plug a portable drive into the USB slot of a computer already encrypted with AlertBoot disk encryption, the portable drive will be encrypted automatically, too!

By doing this, your data security risk profile is lowered by ensuring that data extracted from a protected computer can only be read on authorized computers only (one of the disadvantages to disk encryption software is that it’s the disk that’s encrypted.  Hence, any data saved to it is encrypted as well; however, any data copied off of it will in plain text format).

Long story short: if you’re looking to encrypt your laptop or desktop computer, seriously consider encrypting your backup data as well (why wouldn’t you?  It’s the same data) and vice versa.

Related Articles and Sites:

Comments (0)

Let us know what you think