[Dataloss] Stolen laptop returned to Beaumont Hospital

George Toft george at myitaz.com
Thu Aug 24 16:49:36 EDT 2006 

In the wake of similar statements in the VA laptop case, I talked to a 
computer forensics expert and he confirmed that as long as Windows was 
not used to access the drive, then the markers used to indicate file 
access will remain intact and indicate no access.

It is not unreasonable to assume that a savvy ID thief would make a copy 
of the drive using Linux.  Now they have a copy of the drive, the 
original is "untouched" and the marketing spin machine touts "nobody 
accessed the data."

It's all marketing spin to downplay the seriousness of their mistake 
because nobody likes to admit to their customers that they screwed up.

George Toft, CISSP, MSIS
My IT Department
www.myITaz.com
480-544-1067

Confidential data protection experts for the financial industry.


World Privacy Forum wrote:
>  From the Detroit Free Press article:
> 
> "Hospital officials said an independent computer expert determined that 
> the laptop’s patient information was not accessed during the time it 
> was missing. Yet, they added that the agency will continue to offer 
> free credit monitoring to the 28,473 patients whose information was on 
> the laptop."
> 
> I've seen several media reports saying similar things such as "the data 
> wasn't accessed"  after post-breach recovery of computers. What isn't 
> being said, of course, is that the entire drive could have been copied 
> without specific data being accessed. The "data wasn't accessed" 
> statements need some substantial qualifiers, I think.  This is a real 
> flaw in some of the reporting on this issue -- my hope is that even the 
> most general reporting of this becomes more tuned into the copy issue. 
> While not everyone will know how to copy a drive without leaving 
> footprints, the professionals will.
> 
> Pam Dixon
> 
> 
> 
> 
> On Aug 23, 2006, at 6:05 PM, lyger wrote:
> 
> 
>>(follow-up to previous post)
>>
>>Courtesy Audit (attrition.org)
>>
>>http://freep.com/apps/pbcs.dll/article?AID=/20060823/NEWS99/60823026
>>
>>August 23, 2006
>>By Kim Norris
>>
>>A stolen laptop filled with medical and personal information of more 
>>than
>>28,000 patients of Beaumont Hospital Home Care was returned Wednesday,
>>without any of the patients. information accessed, Beaumont Hospital
>>officials said.
>>
>>Several unnamed employees have since been disciplined, officials said.
>>
>>The laptop computer was inside a car belonging to a home care nurse 
>>care
>>when the car was stolen Aug. 5 on Agnes Street in Detroit. It was
>>recovered Wednesday after hospital security officials received more 
>>about
>>50 tips from area residents responding to a hotline number 
>>disseminated by
>>local media.
>>
>>[...]
>>
>>_______________________________________________
>>Dataloss Mailing List (dataloss at attrition.org)
>>http://attrition.org/dataloss
>>Tracking more than 142 million compromised records in 307 incidents 
>>over 6 years.
>>
>>
>>
> 
> 
> _______________________________________________
> Dataloss Mailing List (dataloss at attrition.org)
> http://attrition.org/dataloss
> Tracking more than 142 million compromised records in 307 incidents over 6 years.
> 
> 
> 
>

More information about the Dataloss mailing list