[Dataloss] follow-up: Personal data on stolen NIH laptop was not encrypted
security curmudgeon
jericho at attrition.org
Tue Mar 25 09:22:35 UTC 2008
---------- Forwarded message ----------
From: InfoSec News <alerts at infosecnews.org>
http://federaltimes.com/index.php?S=3442638
By ELISE CASTELLI
FederalTimes.com
March 24, 2008
Personal data on a stolen National Institutes of Health laptop was not
secured by encryption measures, as federal regulations require.
As a result, medical data on nearly 2,500 patients is at risk following
the February theft of a laptop from the locked trunk of a laboratory
researchers car.
The [National Heart, Lung and Blood Institute] recognizes that such
information should not have been stored in an unencrypted form on a laptop
computer, said Elizabeth Nabel, director of NHLBI, a division of NIH.
However, at the time of the theft, the laptop was off and protected by a
password that would take considerable computer sophistication to crack,
she said in a March 24 statement.
[..]
More information about the Dataloss
mailing list