Cabarrus County laptop left on bumper of ambulance
Technorati Tag: Security Breach
Date Reported:
11/08/07
Organization:
Cabarrus County (NC)
Contractor/Consultant/Branch:
Emergency Medical Services (EMS)
Victims:
Cabarrus County EMS patients
Number Affected:
28,000
Types of Data:
Name, address, phone number, and Social Security number
Breach Description:
A laptop used by Cabarrus County EMS staff was lost or stolen after or during a routine ambulance delivery on October 28th, 2007. The laptop contained sensitive personal information on roughly 28,000 EMS patients.
Reference URL:
Cabarrus County Press Release
WBTV Channel 3 News Story
Report Credit:
Cabarrus County (Press Release)
Response:
From the and online sources cited above:
"November 7, 2007 – A $500 reward is being offered for the safe return of a laptop computer owned by Cabarrus County Emergency Medical Services. The lost computer is a Panasonic Tough Book 18 tablet PC version. The computer is silver encased with a black hard alloy."
"The computer was lost Sunday, October 28 around 10 pm when an ambulance with Cabarrus County EMS transported a patient to Carolinas Medical Center – Northeast. The laptop was left on the back bumper of the ambulance while the ambulance was parked at the emergency bay at the hospital."
[Comfyllama] I can only imagine the "OH SH*T!" when the EMS worker noticed the laptop was missing. I can also relate to forgetfulness all to well, I forgot my shoes this morning and came into the office in tennies!
"It is not known whether the computer was lost at the hospital or while in transit back to the EMS station. It is also unknown whether the computer was recovered by someone or destroyed in traffic."
[Comfyllama] Even if the laptop were "destroyed" in traffic, most likely data can still be accessed on the hard drive
"The computer contains names, addresses, phone numbers and social security numbers of approximately 28,000 people who have been cared for by Cabarrus County Emergency Medical Services over the last four years. It also contains medical information of approximately 58 individuals who have received treatment from Cabarrus County EMS between October 13 and October 28."
[Comfyllama] Now this ain't cool! Why is it necessary to send laptops into the field that contain personal information? EMS staff are constantly in high-stress situations where their #1 priorities are personal and patient safety, so who would expect them to even think about computer data and security? This was a poor management decision in my opinion.
"Information stored on the computer is protected by double passwords, so it is unlikely that if found, someone would be able to access the patient records. However, it is possible that information on the computer could be breached by an individual who has highly developed computer programming skills."
[Comfyllama] OK, really. "Double passwords" are no more than a nuisance to anyone curious or criminal enough to want the information. It ABSOLUTELY DOES NOT take an "individual who has highly developed computer programming skills" to get at the information. It takes someone with a little drive and the ability to search Google.
"The Attorney General’s Office and the three major credit reporting agencies (Equifax, Experian and TransUnion security) have been notified of this potential security breach."
"“I deeply regret that this preventable situation occurred. Cabarrus County is very diligent in securing protected information contained in county records, but people aren’t perfect and mistakes are made. We sincerely apologize for the inconvenience and disruption that this has caused for those whose personal information was stored on the missing computer,” said County Manager John Day."
[Comfyllama] At least two mistakes were made that led to this breach. #1, someone made the decision that it was acceptable to store confidential information on laptops without encryption and #2, the laptop was forgotten on the bumper of an ambulance. I can accept #2 pretty easily, but #1 has me irked.
"New security measures have been implemented to prevent this situation from occurring again. In addition, new software will be purchased that will eliminate the need for patient information to be stored on the computer’s hard drive."
[Comfyllama] I strongly suggest that the county encrypt laptops also as a precaution. This way, IF confidential information found it's way onto a laptop it would still be protected. Encryption (when implemented correctly) offers excellent protection for a fraction of the cost of a breach.
"Anyone who has information about the missing computer is asked to contact the Cabarrus County Sheriff’s Office at ."
Commentary:
This is another breach made possible through the lack of encryption on a mobile device (laptop). In my mind I hold the person that made the decision to allow this data on laptops without proper protection more accountable than I do the EMS worker that forgot the laptop on the bumper.
Past Breaches:
Unknown
Date Reported:11/08/07
Organization:
Cabarrus County (NC)
Contractor/Consultant/Branch:
Emergency Medical Services (EMS)
Victims:
Cabarrus County EMS patients
Number Affected:
28,000
Types of Data:
Name, address, phone number, and Social Security number
Breach Description:
A laptop used by Cabarrus County EMS staff was lost or stolen after or during a routine ambulance delivery on October 28th, 2007. The laptop contained sensitive personal information on roughly 28,000 EMS patients.
Reference URL:
Cabarrus County Press Release
WBTV Channel 3 News Story
Report Credit:
Cabarrus County (Press Release)
Response:
From the and online sources cited above:
"November 7, 2007 – A $500 reward is being offered for the safe return of a laptop computer owned by Cabarrus County Emergency Medical Services. The lost computer is a Panasonic Tough Book 18 tablet PC version. The computer is silver encased with a black hard alloy."
"The computer was lost Sunday, October 28 around 10 pm when an ambulance with Cabarrus County EMS transported a patient to Carolinas Medical Center – Northeast. The laptop was left on the back bumper of the ambulance while the ambulance was parked at the emergency bay at the hospital."
[Comfyllama] I can only imagine the "OH SH*T!" when the EMS worker noticed the laptop was missing. I can also relate to forgetfulness all to well, I forgot my shoes this morning and came into the office in tennies!
"It is not known whether the computer was lost at the hospital or while in transit back to the EMS station. It is also unknown whether the computer was recovered by someone or destroyed in traffic."
[Comfyllama] Even if the laptop were "destroyed" in traffic, most likely data can still be accessed on the hard drive
"The computer contains names, addresses, phone numbers and social security numbers of approximately 28,000 people who have been cared for by Cabarrus County Emergency Medical Services over the last four years. It also contains medical information of approximately 58 individuals who have received treatment from Cabarrus County EMS between October 13 and October 28."
[Comfyllama] Now this ain't cool! Why is it necessary to send laptops into the field that contain personal information? EMS staff are constantly in high-stress situations where their #1 priorities are personal and patient safety, so who would expect them to even think about computer data and security? This was a poor management decision in my opinion.
"Information stored on the computer is protected by double passwords, so it is unlikely that if found, someone would be able to access the patient records. However, it is possible that information on the computer could be breached by an individual who has highly developed computer programming skills."
[Comfyllama] OK, really. "Double passwords" are no more than a nuisance to anyone curious or criminal enough to want the information. It ABSOLUTELY DOES NOT take an "individual who has highly developed computer programming skills" to get at the information. It takes someone with a little drive and the ability to search Google.
"The Attorney General’s Office and the three major credit reporting agencies (Equifax, Experian and TransUnion security) have been notified of this potential security breach."
"“I deeply regret that this preventable situation occurred. Cabarrus County is very diligent in securing protected information contained in county records, but people aren’t perfect and mistakes are made. We sincerely apologize for the inconvenience and disruption that this has caused for those whose personal information was stored on the missing computer,” said County Manager John Day."
[Comfyllama] At least two mistakes were made that led to this breach. #1, someone made the decision that it was acceptable to store confidential information on laptops without encryption and #2, the laptop was forgotten on the bumper of an ambulance. I can accept #2 pretty easily, but #1 has me irked.
"New security measures have been implemented to prevent this situation from occurring again. In addition, new software will be purchased that will eliminate the need for patient information to be stored on the computer’s hard drive."
[Comfyllama] I strongly suggest that the county encrypt laptops also as a precaution. This way, IF confidential information found it's way onto a laptop it would still be protected. Encryption (when implemented correctly) offers excellent protection for a fraction of the cost of a breach.
"Anyone who has information about the missing computer is asked to contact the Cabarrus County Sheriff’s Office at ."
Commentary:
This is another breach made possible through the lack of encryption on a mobile device (laptop). In my mind I hold the person that made the decision to allow this data on laptops without proper protection more accountable than I do the EMS worker that forgot the laptop on the bumper.
Past Breaches:
Unknown
Posts Atom 1.0
Comments