Archive for March, 2007

Sick Kids Hospital, which lost a laptop recently containing information on 2900 patients, has been ordered [PDF link] by the government to protect patient data more stringently.

The laptop with the patient data – including their HIV status – was stolen from a doctor’s van on January 4th. The laptop was only protected by passwords, not encryption.

The Ontario Information and Privacy Commissioner, Ann Cavoukian, ordered that all patient data be encrypted and that information with patient identifying materials cannot leave the hospital. The Sick Kids Hospital has until June 15th to comply with the order, while other hospitals are being urged to follow suit in order to comply with the Canadian Personal Health Information Protection Act.

Toronto Star reports:

At the time of the theft, Sick Kids broke a number of rules under the Personal Health Information Protection Act, including failing to properly protect patient health information from theft, loss and unauthorized use, the commissioner noted. Mandatory encryption to protect identities is not part of the hospital’s security policy. As well, the rules "discouraged," staff from removing electronic patient data from the hospital but did not prohibit it. Security rules were inconsistent because individual departments were allowed to set their own security practices and standards.

Tags: sick kids hospital, ontario, privacy, patient privacy, security breach, data breach, laptop theft, laptop encryption

Absolute Software’s Computrace will now be embedded into Lenovo’s new ThinkPad and 3000 Notebook Series. Lenovo, manufacturer of leading PCs, will be shipping all new ThinkPad and 3000 Notebook Series (C, N and V) laptops with Computrace support embedded in the BIOS.

The laptops will be shipped with an ‘off’ model of LoJack for Laptops that will be activated when customers purchase a subscription.

John Livingston, Absolute Software’s CEO, has this to say:

“Many ThinkPad customers have enjoyed this important layer of protection over the past two years, and now Lenovo’s consumer and small business customers can benefit too. Once they subscribe and activate Computrace LoJack for Laptops, Lenovo customers can fight back to protect their notebook investment and confidential data in the event their computer is lost or stolen.”

Full Press Release Available Here (PDF)

Tags: absolute software, thinkpad, lenovo, 3000 notebook, laptop security, computrace, lojack for laptops

This year’s Daylight Savings Time (DST) Change comes three weeks early – and with it, much preparation is needed.

DST is now on March 11, 2007 instead of April 1, 2007. Additionally, DST will end a week late, on November 4, 2007.

The new DST change is causing just about as much uproar as Y2K did. Computer systems across the country could be affected. Programs like Microsoft Outlook are not programmed for the new DST schedule. Real time will fail to align with computer schedules and the effects are widespread – all businesses, individuals and companies should be proactively preparing.

How to deal with the new DST scheduling (via MS-ISAC):

• Identify all time dependent applications.
• Update and apply all appropriate patches to applicable systems after appropriate testing.
• Ensure that your users are aware of the change and pay particular attention to calendar entries during the new daylight saving time periods.
• Validate that all critical systems have the correct time after each rotation of DST to mitigate any possible issues on those hosts.

More information from MS-ISAC here (PDF), from Microsoft here, and from Oracle here.

Thanks to Dan Lohrmann’s CSO blog for the tips ; Tags: dst, daylight savings time, dst schedule, it

Pensacola News Journal reports that four laptops have been stolen, which contain personal information and Social Security numbers on almost 10,000 Gulf Coast Medical Center patients.

The laptops were stolen in two separate incidents. Three were stolen from a car in Texas in November, and another was taken from a car in Tallahasse in February. The latter laptop contained information for over 8,000 patients.

It is believed both thefts were random and, thus far, no identity thefts have ocurred. A spokesperson has indicated that all information was password-protected.

A crucial lesson is to be learned from these incidents: it’s not just about protecting your data, it’s also about being theft-smart. Both of these thefts were preventable if the laptops had not been left in the cars. Hauling around a laptop for lunch may seem like overkill, but it is a necessary step in protecting yourself and your company from data breaches.

For more tips, read our 10 steps to laptop security and theft deterrence best practices.

Tags: laptop theft, laptops in cars, laptop security, panama city, gulf coast medical center, data breach

Consumer Watch has done a piece titled "Protect Laptop from Identity Theft" and, despite the grammar choice in said title, have provided some key pieces of advice:

1. Don’t log onto unsecured wireless networks.
   • Anyone can watch what you’re doing, which is a major privacy risk. Wireless eavesdropping is a major problem – simple programs can capture your passwords and through all this, your ID. You put yourself at risk for identity theft.
2. Get a lock for your laptop
3. Get a biometric device requiring a fingerprint scan to sign onto the computer
4. Get encryption software

These steps can help you protect yourself from identity theft and, in the corporate environment, from security breaches and data loss.

Tags: identity theft, data breach, laptop security, protect your laptop, security breach

When it comes to data breaches, it only takes one laptop or mobile device lost to cause a catastrophe. Laptop drift/loss is almost inevitable, but avoiding that one very important laptop from breaching data is possible.

Carl Weinschenk writes "It’s Which, Not How Many, Laptops Disappear" on IT Business Edge. The article relates to laptop loss in governments and the potential for personal information, or information related to national security, to be breached. Government figures on laptop loss are public, but what is not clear is the impact of those figures. How many of the lost laptops have secure information on them?

Carl’s statement regarding this issue rings very true:

"laptop security is a qualitative issue: It really doesn’t matter in the scheme of things if 10 low level machines go missing, as long as the one with the ID badge software is safe."

Although means should be taken to secure all laptops, those with the greatest potential for data breach should be more stringently secured.

Carl is correct in stating that laptop security is a complex and subtle issue, but one increasingly important in government policy development.

Tags: laptop security, government security, government data, data breach, data loss, laptop loss, secured data, privacy of information