Patients' Data on Stolen Laptop

[lyger <lyger () attrition org>]

http://www.washingtonpost.com/wp-dyn/content/article/2008/03/23/AR2008032301753.html

A government laptop computer containing sensitive medical information on 
2,500 patients enrolled in a National Institutes of Health study was 
stolen in February, potentially exposing seven years' worth of clinical 
trial data, including names, medical diagnoses and details of the 
patients' heart scans. The information was not encrypted, in violation of 
the government's data-security policy.

NIH officials made no public comment about the theft and did not send 
letters notifying the affected patients of the breach until last Thursday 
-- almost a month later. They said they hesitated because of concerns that 
they would provoke undue alarm.

The handling of the incident is reminiscent of a 2006 theft from the home 
of a Department of Veterans Affairs employee of a laptop with personal 
information about veterans and active-duty service members. In that case, 
VA officials waited 19 days before announcing the theft.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml