IT Asset Security: March 2008 Archives

NIH Laptop Stolen

By
Betsy Lombardo
on March 24, 2008 2:19 PM | | Comments (0) | TrackBacks (0)

The Washington Post reported today that a government laptop belonging to the National Institutes of Health (NIH) was stolen last month while in the possession of an NIH employee. The laptop apparently contains sensitive medical data on 2,500 patients who were enrolled in a confidential NIH study, which was not encrypted. This incident highlights the necessity that organizations take steps necessary to ensure the security of highly sensitive or confidential information, or Personally Identifiable Information (PII.) IT security is an issue that is becoming more and more relevant as cases of identity theft continue to increase.

In 2006, after a laptop containing PII of veterans and active-duty service members was stolen belonging to the Department of Veteran's Affairs (VA), the Office of Management and Budget issued a recommendation that all portable IT devices be loaded with encryption software. One year later, this recommendation became a requirement for any portable device that may contain sensitive information.

The article also states that a recent study conducted by The Government Accountability Office (GAO) found that this month alone, at least 19 of 24 government agencies reviewed had experienced at least one breach that could potentially expose PII to identity theft. These findings illustrate the need for organizations, public or private, to place the highest priority on accounting for sensitive data, which now more than ever reside on portable, even hand-held devices. The theft of a desktop computer is not likely....the theft or loss of a laptop, a PDA, or a Blackberry is almost an inevitability. Organizations must ensure that property management procedures are in place to prevent PII falling into the wrong hands not only by encrypting sensitive data, but more importantly, by placing a much higher priority of accountability on devices that are portable or that may contain sensitive data. Equally as important, they must ensure that staff is knowledgeable about and fully compliant with those procedures.

« IT Asset Security: February 2008 | Main Index | Archives

Pages

Search

Recent Entries

Archives

Categories

About this Archive

This page is a archive of entries in the IT Asset Security category from March 2008.

IT Asset Security: February 2008 is the previous archive.

Find recent content on the main index or look in the archives to find all content.

Stats Counter

  • 0

Powered by Visitor Stats

Most Read Entries