Question: whats the motive of the direct theft of that in this case (i.e. not just someone losing a USB stick on a train)? Some kind of pharmacy prescription fraud? medical insurance fraud? plain old identity theft?
Or just plain old theft of easily removable computers.
Ding ding! The data loss is an unintended side effect. It also begs the question of why any of this stuff was local, as opposed to on servers - it's a bad way to handle records in any case.
Sadly from my many years of corporate IT support, this is usually how most places learn how to not do things.
I know that at least where I work everything local laptop and desktop is encrypted, also anyone with PII access gets their workstation audited regularly for data and since I admin boxes with PII data (though best I can tell I don't have access to the actual data/databases unless it is in standard office/text files) I have a background check every 2 years now thanks to the company getting into similar trouble in the past.
Working in the electronic medical data industry, I can tell you that this isn't a huge surprise. We at my company encrypt 100% of all drives on all computers, and have a severe policy about storing PHI on any machine that isn't a controlled server (in a locked server room at a client location).
Unfortunately, there are lots of companies that are simply too lazy to encrypt hard drives before handing out new computers. With modern OSes its easy enough to do, but its a simple case of laziness on the contractor's behalf.
If there's any upside to this, the thieves are most likely just looking for cheap PCs to flip and have little to no incentive to go digging through files on the machines.
I was working for a company in the 90s that had a laptop stolen with a lot of sensitive data - we "joked" that with all the press it was at the bottom of the bay by now. But seriously - with all the press, it was at the bottom of the bay.
This topic was automatically closed after 5 days. New replies are no longer allowed.