BreachExchange mailing list archives
Re: Stolen laptop returned to Beaumont Hospital
From: George Toft <george () myitaz com>
Date: Thu, 24 Aug 2006 13:49:36 -0700
In the wake of similar statements in the VA laptop case, I talked to a computer forensics expert and he confirmed that as long as Windows was not used to access the drive, then the markers used to indicate file access will remain intact and indicate no access. It is not unreasonable to assume that a savvy ID thief would make a copy of the drive using Linux. Now they have a copy of the drive, the original is "untouched" and the marketing spin machine touts "nobody accessed the data." It's all marketing spin to downplay the seriousness of their mistake because nobody likes to admit to their customers that they screwed up. George Toft, CISSP, MSIS My IT Department www.myITaz.com 480-544-1067 Confidential data protection experts for the financial industry. World Privacy Forum wrote:
From the Detroit Free Press article: "Hospital officials said an independent computer expert determined that the laptop’s patient information was not accessed during the time it was missing. Yet, they added that the agency will continue to offer free credit monitoring to the 28,473 patients whose information was on the laptop." I've seen several media reports saying similar things such as "the data wasn't accessed" after post-breach recovery of computers. What isn't being said, of course, is that the entire drive could have been copied without specific data being accessed. The "data wasn't accessed" statements need some substantial qualifiers, I think. This is a real flaw in some of the reporting on this issue -- my hope is that even the most general reporting of this becomes more tuned into the copy issue. While not everyone will know how to copy a drive without leaving footprints, the professionals will. Pam Dixon On Aug 23, 2006, at 6:05 PM, lyger wrote:(follow-up to previous post) Courtesy Audit (attrition.org) http://freep.com/apps/pbcs.dll/article?AID=/20060823/NEWS99/60823026 August 23, 2006 By Kim Norris A stolen laptop filled with medical and personal information of more than 28,000 patients of Beaumont Hospital Home Care was returned Wednesday, without any of the patients. information accessed, Beaumont Hospital officials said. Several unnamed employees have since been disciplined, officials said. The laptop computer was inside a car belonging to a home care nurse care when the car was stolen Aug. 5 on Agnes Street in Detroit. It was recovered Wednesday after hospital security officials received more about 50 tips from area residents responding to a hotline number disseminated by local media. [...] _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 142 million compromised records in 307 incidents over 6 years._______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 142 million compromised records in 307 incidents over 6 years.
_______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 142 million compromised records in 307 incidents over 6 years.
Current thread:
- Stolen laptop returned to Beaumont Hospital lyger (Aug 23)
- Re: Stolen laptop returned to Beaumont Hospital World Privacy Forum (Aug 24)
- Re: Stolen laptop returned to Beaumont Hospital George Toft (Aug 24)
- Re: Stolen laptop returned to Beaumont Hospital Chris Walsh (Aug 27)
- Re: Stolen laptop returned to Beaumont Hospital George Toft (Aug 24)
- Re: Stolen laptop returned to Beaumont Hospital World Privacy Forum (Aug 24)