In November of last year, the University of Mississippi Medical Center contacted nearly 1,500 people due to the loss of a laptop computer. At the time, it appeared that the stolen laptop was not protected with disk encryption. It looks like this will also be the case in the future, per the update at clarionledger.com.
According to clarionledger.com, the University of Mississippi Medical Center (UMMC) has decided to “add safeguards for computers used in research studies” after the October theft of a researcher’s laptop. Tracking software has been installed on all “relevant computers” and staff monitor any instances where research participants enter their data in computers.
Not a bad idea; however, one wonders how these moves will protect confidential patient data when/if another laptop is stolen. In theory, tracking software allows one to recover stolen computer hardware. Practice tends to match the theory, but there are times when tracking software doesn’t work. For example, most tracking software uses an internet connection to pinpoint a stolen device’s location. If the computer doesn’t connect to the internet, the security solution is worthless.
Plus, where’s the guarantee that the device will be recovered before any information on the laptop is accessed, copied, or transferred? None.
Data security requires that information be secure from unauthorized access. In this light, device tracking is nothing more than a way to reclaim one’s stolen hardware, with data security as a close, but secondary, interest.
UMMC really ought to be looking into deploying encryption software, if it hasn’t done so already.
Related Articles and Sites: