Posted on 02/22/2008 3:31:28 PM PST by happinesswithoutpeace
It emerged last night that a laptop containing close to 175,000 patient records belonging to the Irish Blood Transfusion Service was stolen in New York.
The news comes within weeks of Labour TD Ruairi Quinn warning that data protection in Irish government departments needed better controls. He revealed nearly 100 notebook and desktop PCs have been lost or stolen from Irish government departments over the past five years, along with 14 BlackBerry smartphones and 11 portable media devices.
In recent weeks, Pat Moran of Ernst & Young’s Risk Advisory Services practice told Siliconrepublic.com that the prevalence of laptop theft was greater than public or private sector organisations were reporting.
“Organisations in Ireland are losing laptops or having them stolen on a frequent basis. Not just laptops but information on USB keys, which I would be more worried about than laptops.”
“Another problem is the fact that PCs which go out of commission after three years are being disposed of in a very loose manner. Data which may not be fully scrubbed from a hard drive could represent a major threat to organisations and personal security,” Moran said.
The laptop at the centre of the latest controversy was stolen from a worker at a New York blood bank who had been contracted to upgrade its software. The worker was reportedly mugged outside his home earlier this month and the laptop taken.
The laptop contains files which relate to 174,324 donor records and 3,294 patient blood group records made between July and October last year.
The donor records include details of names, addresses, dates of birth, gender, blood group and contact phone numbers.
It is understood the Irish Blood Transfusion Service will be writing to all donors concerned, warning that while the records on the stolen laptop were encrypted, there may be a remote chance that the data might be accessed by a third party.
The news comes within weeks of the Irish Blood Transfusion Service deciding to abandon the construction of a system to monitor the progress of blood products after €740,000 was spent on the project. An upgrade of the system following recent blood-related scandals would have cost the taxpayer €3.1m.
The records were on a CD that was encrypted with a 256-bit encryption key. These records were transferred to a laptop and re-encrypted with an AES 256-bit encryption key.
Coming soon to a clinic near you.
What’s the market for 60-proof blood anyway?
Then there is a good chance that the data is secure, unless the password is bad (usually because it is too short, or because it is a word found in a dictionary) or the password is known to others or guessable by others, or, as is more likely, because the user left the password printed on a Post-it note labeled "Password" taped to the bottom of the laptop.
“Then there is a good chance that the data is secure, unless the password is bad...”
Or the thief is a pro and did something like this:
http://www.networkworld.com/news/2008/022108-disk-encryption-cracked.html
Interesting piece, thanks.
I have a feeling that quite a few organizations are soon going to tell their laptop users to stop using hibernate mode, to shut their laptops off after every use, and to maintain control of the laptop for at least a minute after shutting it off.
Perhaps some repetitive overwriting of the DRAM as part of shutdown procedure?
In the US, The Red Cross also ties social security numbers to each donor. Do you know if they do something similar in Ireland? Maybe some identifier that could be used in identity theft?
What is it with Chelsea and Hillary and their wide eyes and goofy smiles? Don't they realize how ridiculous they look?
That is mentioned in the countermeasures section of the Princeton PDF.
More info here.
Someone here posted a pic of Hillary doing that the other day with words reflecting the martians comedy movie....ack ack ack ...ackackackack !!
Funny stuff !
Maybe we can get Slim Whitman to do her campaign song !