[Dataloss] Hospital laptop walks away during disaster drill, patient data back to 2000 does, too

blitz blitz at strikenet.kicks-ass.net
Sat Aug 5 18:12:26 EDT 2006


Its a simple matter as you know, to remove the drive, Norton ghost it 
to another, and then the laptop could be returned, alleviating fears 
of the data loss.
Even more insidious, is they could just report it's been recovered.
Then the culprits (assuming the data is their target) can have all 
the time they want to use the data for whatever purposes.

At 11:38 8/5/2006, you wrote:
>Chris Walsh wrote:
>  > According to the letter, a copy of which was obtained by the Journal,
>  > the computer was password protected and there is "no evidence that
>  > the hard drive has been inappropriately accessed.''
>
>It takes about 3 minutes to change the Administrator password (10 if
>it's your first time) using a common tool found on the Internet if you
>have physical access to the Windows PC.  And without possession of the
>laptop, how can they state that the hard drive has not been accessed in
>any fashion, appropriate or inappropriate?
>
>George Toft, CISSP, MSIS
>My IT Department
>www.myITaz.com
>480-544-1067
>
>Confidential data protection experts for the financial industry.
>
>
>_______________________________________________
>Dataloss Mailing List (dataloss at attrition.org)
>http://attrition.org/errata/dataloss/

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://attrition.org/pipermail/dataloss/attachments/20060805/e991ffcd/attachment.html 


More information about the Dataloss mailing list