Computer stolen from Ecumenical Ministries of Oregon HIV Day Center
Technorati Tag: Security Breach
Date Reported:
9/4/08
Organization:
Contractor/Consultant/Branch:
Victims:
"HIV patients"
Number Affected:
"at least 350"
Types of Data:
"database of patients" and personal information.
Breach Description:
"A Portland program for low-income people with HIV is asking for help in retrieving a computer that was stolen from the center earlier this week."
Reference URL:
Report Credit:
Helen Jung, The Oregonian
Response:
From the online sources cited above:
A computer containing information for at least 350 HIV patients was stolen over Labor Day weekend, Multnomah County officials said Thursday.
The Ecumenical Ministries of Oregon's HIV Day Center, in Northeast Portland, found the door to their office forced open Tuesday morning.
[Evan] I commend Ecumenical Ministries for the work they do for the people they serve, and I understand that they probably don't have a huge budget, but it would be a good idea to invest in basic protections like encryption ($0 - 200/computer) and an alarm system that notifies them and the police at the time of a break-in.
a few monitors, some mail and a computer that contains a database of patients who use the center were stolen
The computer contained the names of about 350 to 400 HIV patients, authorities said.
The database is password protected, but the data was not encrypted, said Shawn Cunningham, a spokesman for Multnomah County
Multnomah County officials said ... that it's possible the password could be cracked.
[Evan] Multnomah County knows that it's possible to crack the password, but do they know how easy it usually is? The decision to add better protection should be a pretty simple one.
There are no Social Security numbers, credit card numbers or bank account information in the personal files, according to the county.
The center is one of several county-backed service providers helping people with low incomes battle HIV.
The exact location of the break-in isn't being released in order to protect patients.
[Evan] How does this protect patients? I must be missing something.
The county is in the process of notifying those whose information is on the database and is reviewing security procedures at those county programs that receive federal funding for HIV services.
[Evan] Is there federal funding available for information security? There should be.
A ministry spokeswoman urged that whoever took the computer return it, with no questions asked.
The day center is now 19 years old, said program director Lowen Berman. It provides hot meals each day, counseling for patients, laundry facilities and other services in a welcoming setting, he said.
Anyone with information can contact Berman at .
Commentary:
I empathize with the victims in this breach. The victims don't have significant financial resources (low-income) and have an incurable disease. To add concern over a personal information leak is sad. I am curious about what information was in the database, exactly.
Speaking of the database... What do you suppose is the actual risk? Is it likely that the thief will access the information in a password-protected database? Is it likely that the information in the database, if accessed, will be used against the victims?
I guess if I were a victim, I think I may have other more important things to worry about. Hard to say.
Past Breaches:
Unknown
Posts Atom 1.0
Comments