Two Healthcare Data Breaches Show Importance Of Encryption

Patient data from Howard University Hospital and California Department of Child Support Services wasn't fully encrypted, and one security expert wants to know why.

By Neil Versel
InformationWeek
Originally published April 5, 2012

The theft of a laptop containing more than 34,000 unencrypted records from Howard University Hospital in Washington, D.C., and the loss of backup tapes containing records of 800,000 people enrolled in California Department of Child Support Services programs are just the latest in a string of healthcare data breaches that could have and should have been prevented, a data protection expert contends.

Last week, Howard University Hospital disclosed that it had notified 34,503 patients that a personal laptop of a former contractor was stolen in January from that individual's car. The laptop, according to the hospital, was password-protected, but the actual data was not encrypted.

That is disturbing to Mark Bower, data protection expert and VP at Voltage Security, based in Cupertino, Calif. "Why was their contractor allowed to use their own laptop, connect to the network, and download this data?" Bower wondered. "Why was that information not encrypted on the back end?"

The entire story is here.