Johns Hopkins Stolen Computer Exposes 5,783
Technorati Tag: Security Breach
Date Reported:
9/1/07
Organization:
Johns Hopkins Hospital
Contractor/Consultant:
None
Number Affected:
5,783
Types of Data:
Name, birth date, Social Security number, and medical history
Breach Description:
A desktop computer containing sensitive information on 5,783 Johns Hopkins Hospital patients was stolen in mid-July.
Reference URL:
http://www.wtopnews.com/index.php?nid=25&sid=1236929
http://www.imedinews.ge/en/news_read/61668
Report Credit:
Associated Press
Response:
From the online article above:
"We have no reason to believe any of the data has been misused," said Gary Stephenson, a hospital spokesman, adding that it was "highly likely" the computer was stolen for the value of its hardware."
[Comfyllama] Standard response used by many organizations. I wonder what would give Johns Hopkins reason to believe that the data was misused. The second part of the statement above is a typo. Most organizations and police investigators seem to think that stolen computers are stolen for their hardware. I do not know intimate details of this investigation, but I do know that criminals ARE getting data off some stolen/lost computers. The real money is in the information, NOT the hardware.
Commentary:
Johns Hopkins failed to state why privacy information was stored on a "desktop" computer and unencrypted in the first place, or what they plan to do to prevent future breaches (Johns Hopkins lost backup tapes in January). Johns Hopkins does not have a very good record this year for protecting information that DOES NOT belong to them.
According to the article, there are suspects in the theft, but nobody has yet to be charged with the crime.
Past Breaches:
January, 2007: Johns Hopkins Loses Data on 135,000
The basic job of a data recovery program is evident by its name; to recover data. With the upward surge in incidence of online file sharing, one has also experienced the increasing probability of losing it all online. The back up server should therefore be in a top functional state at all times. The windows backup software is usually sufficient. But in case of highly important and vulnerable data, the need of a data recovery software increases.
Date Reported:
9/1/07
Organization:
Johns Hopkins Hospital
Contractor/Consultant:
None
Number Affected:
5,783
Types of Data:
Name, birth date, Social Security number, and medical history
Breach Description:
A desktop computer containing sensitive information on 5,783 Johns Hopkins Hospital patients was stolen in mid-July.
Reference URL:
http://www.wtopnews.com/index.php?nid=25&sid=1236929
http://www.imedinews.ge/en/news_read/61668
Report Credit:
Associated Press
Response:
From the online article above:
"We have no reason to believe any of the data has been misused," said Gary Stephenson, a hospital spokesman, adding that it was "highly likely" the computer was stolen for the value of its hardware."
[Comfyllama] Standard response used by many organizations. I wonder what would give Johns Hopkins reason to believe that the data was misused. The second part of the statement above is a typo. Most organizations and police investigators seem to think that stolen computers are stolen for their hardware. I do not know intimate details of this investigation, but I do know that criminals ARE getting data off some stolen/lost computers. The real money is in the information, NOT the hardware.
Commentary:
Johns Hopkins failed to state why privacy information was stored on a "desktop" computer and unencrypted in the first place, or what they plan to do to prevent future breaches (Johns Hopkins lost backup tapes in January). Johns Hopkins does not have a very good record this year for protecting information that DOES NOT belong to them.
According to the article, there are suspects in the theft, but nobody has yet to be charged with the crime.
Past Breaches:
January, 2007: Johns Hopkins Loses Data on 135,000
The basic job of a data recovery program is evident by its name; to recover data. With the upward surge in incidence of online file sharing, one has also experienced the increasing probability of losing it all online. The back up server should therefore be in a top functional state at all times. The windows backup software is usually sufficient. But in case of highly important and vulnerable data, the need of a data recovery software increases.
Posts Atom 1.0
It appears as though the stolen computer was returned over the weekend.
http://www.baltimoresun.com/news/health/bal-computer0904,0,500185.story?coll=bal_sports_promo
Reply to this