Yale School of Medicine breach is under investigation by AG


Date Reported:
8/18/10

Organization:
Yale University

Contractor/Consultant/Branch:
Yale School of Medicine

Location:


Victims:
Patients

Number Affected:
"about 1,000"

Types of Data:
"health information"

Breach Description:
"The security of personal health information of up to 1,000 people could have been compromised when a laptop was stolen from Yale Medical School."

Reference URL:
NBC News
WJTV.com
Wall Street Journal

Report Credit:
NBC News

Response:
From the online sources cited above:

NEW HAVEN, Conn. (AP) The Yale School of Medicine says it has begun notifying about 1,000 people whose health information was contained on a stolen laptop computer.
[Evan] How many times have we read about breaches concerning lost/stolen laptops containing sensitive information?  It's a broken record that just keeps going around and around.

Yale officials said there was no indication any information on the computer has been misused.

Yale and New Haven police are investigating.

The computer was stolen July 28 from the office of a data analyst at the School of Medicine.
[Evan] It is important to note that this laptop was stolen from the facility.  What physical controls are used by the School of Medicine to prevent theft from the facility?

Yale officials said no Social Security, financial or insurance numbers were contained in the computer's files.
[Evan] I am more concerned with compromised health information than I am about other personally identifiable and/or financial information.

While access to the laptop was protected by a password, files were not encrypted.
[Evan] Password protection is not adequate protection.  Windows XP Pro passwords are easily bypassed in less than 60 seconds.  There is no excuse for not encrypting laptop hard drives that may access and/or store sensitive information.

Dr. Robert Alpern, dean of the School of Medicine, said Yale deeply regrets the incident and is moving quickly to introduce security upgrades.

Attorney General Richard Blumenthal said his office is investigating to determine what caused the security breach and whether state or federal laws have been violated.
[Evan] Blumenthal is in the midst of a hotly contested U.S. Senate race.  He is running as a Democrat against Republican Linda McMahon.  I don't know how it's relevant to this breach, but I just thought you should know if you didn't.

“Yale Medical School is cooperating with my office -- recognizing that it has a profound responsibility to safeguard sensitive health information, and must be accountable to approximately 1,000 individuals whose information may be at risk,” Blumenthal said. “My office has begun an investigation to identify the cause of the breach and assure ongoing protections for patients.”

“This breach -- similar to recent breaches by others -- must be a reminder to guardians of sensitive health information about their significant legal and moral obligation to protect privacy.”
[Evan] This breach is absolutely similar to other breaches, so you think that you should know better by now.

Commentary:
What is there to say?  This is another breach that should have been prevented.  I don't have a good answer for why people/organizations allow people to use unencrypted laptops.

Past Breaches:
Yale University:
August, 2007 - Yale University Exposes 10,200 in Stolen Computers

 