I Hate Dialysis Message Board
Welcome, Guest. Please login or register.
November 25, 2024, 11:54:49 AM

Login with username, password and session length
Search:     Advanced search
532606 Posts in 33561 Topics by 12678 Members
Latest Member: astrobridge
* Home Help Search Login Register
+  I Hate Dialysis Message Board
|-+  Dialysis Discussion
| |-+  Dialysis: News Articles
| | |-+  DaVita Suffers Computer-Data Theft In Florida
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: DaVita Suffers Computer-Data Theft In Florida  (Read 1803 times)
Zach
Elite Member
*****
Offline Offline

Gender: Male
Posts: 4820


"Still crazy after all these years."

« on: December 16, 2008, 08:57:35 AM »

Hard Disk Encryption Software Not Used On Stolen DaVita Desktop Computers

Universal Security Solutions
December 13th, 2008

The folks over at PHI Privacy have found a letter filed with the Maryland AG’s office regarding a data breach at DaVita.  According to the letter, a DaVita facility in Florida was burglarized and “multiple desktop computers” were stolen.  The result is the possible data breach of 354 Maryland residents.  I imagine the total number affected would be much higher, since the letter to MD’s AG need concern only Maryland residents.

If you’re not aware, DaVita already lost a laptop computer with sensitive information back in February.  And the information lost in that case is similar to this recent one: the computers’ hard drives “may contain your name, social security number, medical insurance coverage information, and/or other personal and health related information.”  The wording was so similar that I checked to see if they had recycled the notification letter, and it looks like they may have, at least a portion of it.  That’s….pretty handy.

Handier than that would have been the use of hard drive encryption software like AlertBoot to secure the contents of these stolen computers.  I’ve noticed that a lot of people ask for, and recommend, the use of encryption software when it comes to nominally portable devices like laptops.  For example, the newly passed legislation in Massachusetts (201 MCR 17.00) makes a point of requiring laptops with sensitive information to be encrypted, but contains nothing related to desktops.

Why is it that interest in information security falls dead when it comes to desktops?  What’s so magical about desktops that they don’t require the same amount of data protection measures?  Can’t they be stolen?  If anyone holds this outmoded way of thinking, they’d be served well by discarding it.  I mean, it’s not as if the theft of computers didn’t exist prior to the invention of the laptop computer.

This is DaVita’s second breach in less than one year.  Did they fall into the fallacy of believing that desktop computers are “safer” than laptops?  I won’t assume they didn’t know that hard disk encryption as a security tool was available, since the company made an effort to note in the AG’s that encryption was not used on the now-missing desktops.

They say that the third time’s the charm.  Not that I’m hoping DaVita will have a third instance of computer theft.  But if it does, I think it’s high time for them to make changes so that the letter they send out can read “the stolen computer may contain your name, social security number, medical insurance coverage information, and/or other personal and health related information. But you can rest easy since  your information has been encrypted.”

Related Articles:
http://www.phiprivacy.net/?p=813
http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-161396.pdf
http://doj.nh.gov/consumer/pdf/davita.pdf


Original Article:
http://www.alertboot.com/blog/blogs/endpoint_security/archive/2008/12/09/hard-disk-encryption-software-not-used-on-stolen-davita-desktop-computers.aspx
Logged

Uninterrupted in-center (self-care) hemodialysis since 1982 -- 34 YEARS on March 3, 2016 !!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
No transplant.  Not yet, anyway.  Only decided to be listed on 11/9/06. Inactive at the moment.  ;)
I make films.

Just the facts: 70.0 kgs. (about 154 lbs.)
Treatment: Tue-Thur-Sat   5.5 hours, 2x/wk, 6 hours, 1x/wk
Dialysate flow (Qd)=600;  Blood pump speed(Qb)=315
Fresenius Optiflux-180 filter--without reuse
Fresenius 2008T dialysis machine
My KDOQI Nutrition (+/ -):  2,450 Calories, 84 grams Protein/day.

"Living a life, not an apology."
Sluff
Member for Life
******
Offline Offline

Gender: Male
Posts: 43869


« Reply #1 on: December 16, 2008, 05:32:25 PM »

Unbelievable. There has to be a better way to secure these computers useless when shut down.
Logged
Pages: [1] Go Up Print 
« previous next »
 

Powered by MySQL Powered by PHP SMF 2.0.17 | SMF © 2019, Simple Machines | Terms and Policies Valid XHTML 1.0! Valid CSS!