Two charities in AlertBoot’s neck of the woods (or, rather, desert) have been victimized when burglars literally broke into their premises and stole computer equipment. At least of one the organizations, the American Heart Association, used “a sophisticated password system” — let’s hope that’s just another way of saying “used laptop encryption software” like AlertBoot.
American Heart Association and Olive Crest
Two non-profits that had offices at an industrial park on South Jones Boulevard were broken into on September 25: the American Heart Association and Olive Crest. The former, of course does not require an introduction. The latter is a child advocacy organization that has branches across the southwestern US.
According to a fox5vegas.com story, the burglars made their way into the offices by breaking glass windows, and video footage shows plenty of glass being swept up. Two laptops were stolen from the AHA. Olive Crest’s damages were not specified, although “things were missing.”
The computers from AHA contained donor information; however, a person with the health organization noted that:
Fortunately, we have a very sophisticated password system on our computer. As far as our donor information or private information on those computers, it will be very difficult or impossible to access.
As I noted at the beginning of this post, I hope that the sophisticated password system that’s being referred to is encryption software — which generally uses a password, at least, to identify whether authorized person are accessing the data — as opposed to password-protection, which is not really regarded as data security.
Las Vegas, Nevada: One of the Strictest Data Breach Laws in the US
As far as I can tell, the AHA is not a HIPAA covered-entity, so they don’t have report this to the Department of Health and Human Services. However, the state of Nevada has one of the strictest digital data breach notification laws in the country, as I mention here on the passing of Nevada’s NRS 603a and on this rant on whether non-profits need to report data breaches per Nevada law (long story short: they do).
There is a loophole of sorts, though: the law provides safe harbor from going public with the breach if strong data encryption is used to protect the data.
Related Articles and Sites: