There is a common (wrong) belief out there that when something is password protected, it is therefore encrypted. This is totally wrong. The recent “loss” of a laptop by BP that contained the personal data of 13,000 people brought this misconception back to light. Briefly: this lost BP laptop was password protected, but not encrypted. Read More
Does your office assign a business email to all of your employees? If so, what is your office policy on the use of that email? Sure, you might tell them it is for “official use only”…but what does that mean? And…if you “told” them this vs. having it in a written policy…does it even matter? Read More
In all, ok most, articles I read about data breaches, there seems to be this standard phrase: “there was no financial, bank, credit card or health insurance information…” HIPAA is not about financial info or bank info or credit card numbers. It is about personal, private health information being viewed by unauthorized people. Yes, it is Read More
Wow, 300,000 people who are “clients” of the world’s largest stem cell bank, Cord Blood Registry, have received notification letters that their data may have been breached. Double Wow – the issue at hand: storage tapes and a laptop were stolen from an employee’s car. Triple Wow – the tapes nor the laptop were encrypted. Read More
The Henry Ford Health System in Detroit lost a flash drive back in January that contained almost 3,000 patients’ information. This flash drive was not encrypted. Problem #1: Why was PHI stored on a flash drive? Problem #2: Why wasn’t the flash drive encrypted? We don’t like the use of portable storage devices (flash drives) Read More
Recent Comments