Patient records stolen during pot referral office burglary

|

Date Reported:
6/3/10

Organization:
Safe Harbor Med Evaluations (No Website)

Contractor/Consultant/Branch:
None

Location:


Victims:
Patients

Number Affected:
Undisclosed

Types of Data:
"social security numbers, ID numbers and other sensitive information"

Breach Description:
"SANTA CRUZ - Burglars stole a client records (database), a suitcase and two bags of cookies from a medicinal marijuana referral office on the 500 block of River Street late Monday or early Tuesday, Santa Cruz police reported. "

Reference URL:
San Jose Mercury News
Santa Cruz Sentinel

Report Credit:
Jennifer Squires, Santa Cruz Sentinel

Response:
From the online sources cited above:

SANTA CRUZ - Burglars stole a client records (database), a suitcase and two bags of cookies from a medicinal marijuana referral office on the 500 block of River Street late Monday or early Tuesday, Santa Cruz police reported.
[Evan] Two stolen bags of cookies from a medicinal marijuana referral office is classic.

Safe Harbor Med Evaluations staff reported the theft around noon Tuesday.

Burglars stole a computer hard drive that contained a client database, including ID numbers and other sensitive information, police reported.

The burglars apparently cut power to the building - so the alarm didn't go off - and shattered a window to get into the office.

The theft was discovered hours after it occurred.

Police and office staff are establishing a list of the affected clients so they can be contacted and notified.

Fraud alerts may be placed on their credit reports as a precaution, according to police.

Commentary:
We don't have much information to go on regarding this breach; only what we read above.  Although we are limited in what we know, we can assume some things and make some conclusions.  For one, I doubt that the stolen hard drive was encrypted.  Hard drive (and data at rest) encryption are valuable to prevent unauthorized information disclosure in cases such as these; physical theft or loss of media.  Mitigating controls for the lack of data at rest encryption include strong physical security and sound data destruction/media reuse procedures.  In this case, we can read that physical security controls were lacking, which increases the need for data at rest encryption.  Do you see the interaction between the two types of controls?

Past Breaches:
Unknown

Posted by Evan Francen at 6/10/2010 2:51 PM
Categories: Stolen Media, Safe Harbor Med Evaluations
 
Trackbacks
Trackback specific URL for this post
  • No trackbacks exist for this post.
Comments
  • No comments exist for this post.
Leave a comment