RSS Alerts

Share

More services

Related Stories

  • Biometrics: How and Now?
    Using biometric data for identity access and management can be a controversial move. Esther Shein examines the drawbacks, and looks at where and how biometrics are currently being used
  • ANSI, Shared Assessments to study financial impact of patient data breaches
    The American National Standards Institute (ANSI) and the Shared Assessments Program have launched a study examining the financial impact of patient data breaches.
  • IT strategy @ UK.gov
    The UK government needs to improve its ability to deliver effective IT-based systems at reasonable cost. But the proposed solution could change utterly the relationship between the state and the citizen, reports Ian Grant.
  • Paging Doctor Compliance
    With changes to the US healthcare system already underway – albeit at a snail’s pace – now is the perfect time to examine how the regulatory and compliance landscape may change with it. Esther Shein surveys the sector and seeks the proper prescription
    Members' Content
  • SANS Institute's NetWar challenge takes on the US military
    The SANS Institute has expanded its NetWars challenge, which tests information security skills of IT professionals, to include the US military, noted Ed Skoudis, director of the SANS NetWars project.

Top 5 Stories

News

US lawmakers upset at breach news delay

26 March 2008

US lawmakers are asking why a stolen laptop, which had medical test results for 2,500 patients in a National Institute of Health study, was not encrypted.

The laptop, which was stolen from a doctor’s locked car trunk February 23, contained some unencrypted research information from an ongoing study by the National Heart, Lung and Blood Institute (NHLBI). The theft occurred outside of the National Institute of Health campus.

The information involved roughly 2,5000 participants in a cardiac MRI study conducted between 2001 and 2007 and included each participant’s name, birth date, hospital medical record number and data contained in MRI reports such as measurements.

The laptop contained no additional medical information on participants beyond the MRI reports and no information such as social security numbers, addresses or phone numbers. Participants were not notified until March 20.

Rep. Edward Markey, a Massachusetts Democrat who chairs the Congressional Privacy Caucus, sent a letter to Health and Human Services Secretary Michael Leavitt asking why the laptop was not encrypted and what steps the department would take to prevent another breach.

The National Institute of Health said the incident was immediately reported to the police and it is under investigation. The NHLBI said it would install encryption software on its laptops and conduct regular security training for its employees.

Following a theft of a Veterans Affairs laptop in May 2006, (which contained personal data for 26.5 million veterans and military personnel), the Office of Management and Budget issued guidelines that require information on laptops across all government agencies to be encrypted.

This article is featured in:
Data Loss  • Encryption • Public Sector

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions |Privacy |Website Design|Reed Exhibitions. All rights reserved. Copyright © 2012