Computer theft is nothing new, as many people everyday find that they have their laptops stolen. However, the issue that arises with computer theft is data encryption. This is a dominant issue in the world of network security as several companies have had data stolen, which potentially has put thousands of people at risk of identity theft.
Three organizations have made news headlines as laptops and data have been stolen via thieves taking the computers complete with the hard drives. The Boston Baskin Cancer Foundation reported that a hard drive was stolen from an employees home on December 2, 2021. This hard drive contained patient records which included social security numbers, names, birth dates and clinical information. In addition, the employees had their personal information on these hard drives which also included social security numbers, pay grades, and other personal information. All in all, they believe that 56,694 patients have been compromised.
Aspire Indiana, a non profit organization, also acknowledged a breach when laptops were stolen from administrative offices. These laptops held patient information such as social security numbers, medical records, and personal health information. In total, they are reporting that 45,030 patients have had their files breached.
Five laptops were also stolen from US Central Command, however, it has been reported that they do not believe any vital information was leaked. This is in part due to file encryption that the US Central Command has in effect.
In the above cases, both Boston Baskin Cancer Foundation and Aspire Indiana, have confidential information on these hard drives. Which raises the question as to why weren’t these hard drives encrypted? Aspire Indiana president stated:
“We have taken steps to enhance our security, including upgrading our alarm and security systems.”
Yet, there is no mention of encrypting hard drives.
Patients of Boston Baskin Cancer Foundation have spoke up saying that allowing employees to take laptops home should no longer be the policy. If this were not allowed, perhaps the breach would not have happened. This is a good point. However, since the data was not encrypted, even if the laptops were stolen from the organization, the data could have been taken anyways. As the Aspire Indiana case shows.
According to Gemalto’s Breach Level Index latest study 1,500 data breaches in 2021 led to the compromising of 1 billion records in 2021. In addition, it seems that 54% of the data breaches in 2021 were for the sole purpose of identity theft.
The damage has been done for those companies who have had their information stolen. However, there is a way to correct the issues that are present to ensure these data breaches do not happen again, or that they do not affect consumers. Gemalto vice-president Tsion Gonen stated:
“Companies need to adopt a data-centric view of digital threats starting with better identity and access control techniques such as multi-factor authentication and the use of encryption and key management to secure sensitive data. That way, if the data is stolen it is useless to the thieves.”
For consumers and/or patients that are part of those who may have had their data breached, now is the time to start monitoring your accounts. With all the information that these thieves could have retrieved, it would be simple enough to steal the identity of the person. According to Gonen:
“Identity theft could lead to the opening of new fraudulent credit accounts creating false identities for criminal enterprises, or a host of other serious crimes.”
For these consumers it could be in their best interest to invest in an identity theft protection program to ensure that if there is an attempt to open up new accounts, this is stopped immediately.