follow-up: Personal data on stolen NIH laptop was not encrypted

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://federaltimes.com/index.php?S=3442638

By ELISE CASTELLI
FederalTimes.com
March 24, 2008

Personal data on a stolen National Institutes of Health laptop was not 
secured by encryption measures, as federal regulations require.

As a result, medical data on nearly 2,500 patients is at risk following 
the February theft of a laptop from the locked trunk of a laboratory 
researchers car.

The [National Heart, Lung and Blood Institute] recognizes that such 
information should not have been stored in an unencrypted form on a laptop 
computer, said Elizabeth Nabel, director of NHLBI, a division of NIH. 
However, at the time of the theft, the laptop was off and protected by a 
password that would take considerable computer sophistication to crack, 
she said in a March 24 statement.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml