BYOD SEcurity: 88th Medical Group At Wright-Patterson Air Force Base Sends Breach Notification Letters.

Wright-Patterson Medical Center is alerting over 3,800 blood donors of a possible personal information data breach.  A notebook containing personal information — including Social Security numbers — was left behind during a blood drive.  And by “notebook,” I mean a literal notebook — the one with sheaves of paper that are held together with a plastic or metallic spiral thingy (those who spent some time in Europe or Asia could have mistaken “notebook” for “laptop”).  When you think about it, notebooks are the “precursors” of BYOD (Kinda.  Bring Your Own Documentative accessories?).


Too bad disk encryption like AlertBoot Mobile Security cannot be used to safeguard the contents in this case.


Notebook Left Overnight in Conference Room



According to numerous sources, Wright-Patterson Medical Center has sent breach notification letters to approximately 3,800 blood donors.  A data breach too place in August when a notebook was left overnight in a conference room.  However, there’s more to it than the notebook being left unsupervised and unsecured:



Officials could not immediately provide the exact date the information was misplaced, but one day this month the notebook was left in a limited-use conference room late in the afternoon and recovered the next morning behind a chair, where it had apparently been dropped, according to base officials. [daytondailynews.com]


Apparently, forensics were run on the notebook since Air Force officials note that “there is no evidence to suggest that personal data was accessed or misused”  (yeah, I know: how would they know?)  Further statements revealed that “the notebook should have been kept in a locked container when not in use.”


True, that.  Despite all the criticisms one hears of electronic health records, there is at least one thing going for it: protecting data against breach instances like the above is easy with EHRs, not so much with traditional paper files.


If a laptop computer was being officially used for collecting such sensitive data as SSNs, better data protection could be offered via the use of encryption software.  With a notebook…you’re essentially trusting the notebook user to not foul things up.  But, if that were a reliable way to secure data, there wouldn’t be a need for encryption on laptop computers…



Related Articles and Sites:
http://www.military.com/daily-news/2012/08/20/wright-patterson-alerts-of-possible-data-breach.html
http://threatpost.com/en_us/blogs/wright-patt-officials-discipline-those-connected-misplaced-notebook-081712



Comments (0)


Let us know what you think