AOH :: ISNQ5405.HTM

Personal data on stolen NIH laptop was not encrypted




Personal data on stolen NIH laptop was not encrypted
Personal data on stolen NIH laptop was not encrypted



http://federaltimes.com/index.php?S=3442638 
 
By ELISE CASTELLI
FederalTimes.com
March 24, 2008 

Personal data on a stolen National Institutes of Health laptop was not 
secured by encryption measures, as federal regulations require.

As a result, medical data on nearly 2,500 patients is at risk following 
the February theft of a laptop from the locked trunk of a laboratory 
researchers car.

The [National Heart, Lung and Blood Institute] recognizes that such 
information should not have been stored in an unencrypted form on a 
laptop computer, said Elizabeth Nabel, director of NHLBI, a division of 
NIH. However, at the time of the theft, the laptop was off and protected 
by a password that would take considerable computer sophistication to 
crack, she said in a March 24 statement.

Letters to affected patients participants in a cardiac MRI study between 
2001 and 2007 didnt go out until March 20, nearly a month after the 
computer was reported stolen.

The NIH Center for Information Technology determined that the theft was 
random and there is a low likelihood that patients identities would be 
stolen, Nabel said.

NIH is working to improve data security following the data loss. All 
NHLBI laptops will be encrypted according to Office of Management and 
Budget rules, she said.


___________________________________________________      
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn 

Site design & layout copyright © 1986-2014 CodeGods