The Dangers of Unencrypted Mobile Devices

Another Major Data Breach from Unprotected Laptop Data

Cedars-Sinai Health System in Los Angeles says approximately 33,000 patients were affected by a data breach involving the theft of an unencrypted laptop computer from an employee’s home.

The laptop, which the employee used for troubleshooting clinical laboratory reporting software, was stolen, along with personal items, from the employee’s home. The laptop’s lack of encryption was a violation of Cedars-Sinai policy, the health system reports. As a result of the incident, the organization is now re-confirming the encryption status of all laptops.

The patient information on the laptop included some combination of medical record numbers, patient identification numbers, lab testing information, treatment information, and diagnostic information, the health system reports. A small percentage of the files also contained Social Security numbers or other personal information.

Other recent laptop breaches include 38,906 SS#, CCD, and other personal info records stolen from a Self Regional Healthcare laptop, 7,000 SS# and Bank Acct# records stolen from a Douglas County School District home laptop and 20,000 SS# and personal information records stolen from a Orangeburg-Calhoun Technical College laptop.

All these laptops were lacking readily available computer encryption that protects data transparently when the computers are not in use. Having hard disks encrypted makes the data useless unless the user has unlocked the data while it is in use.

Encryption of data on mobile, laptop, and remote computers that have sensitive data is mandatory to comply with security regulations that cover personal, private data. These regulations include health, merchant, financial, and government institutions.  Breach laws that are in place in 46 of the 50 U.S. states require disclosure of breaches to personal, private records and covers all companies.

Data protection solutions include data encryption such as laptop encryption, data loss protection to protect against sensitive data being transmitted out of a company by email, and solutions for authentication and identity control. Data protection solutions, like most in security, scale up and down to address the needs of small, medium, and large companies.