Thanks to the commoditization of computer hardware, it’s possible to buy a serviceable laptop that costs less than $500 brand new. This has resulted in many companies relaxing the restrictions they had on their purchase and use, but a small healthcare provider in North Idaho learned a harsh lesson that hardware costs are the least of their worries when it comes to losing a laptop. The Hospice of North Idaho recently had a laptop stolen that contained unencrypted, sensitive personal information on over 400 of their patients, and because this is a violation of the Health Insurance Portability and Accountability Act, the Department of Health and Human Services is slapping the non-profit hospice with a $50,000 fine.
What this means for you:
Even if you aren’t a healthcare provider, being aware of the data on your company’s laptops should be a top concern, regardless of whether you think the data doesn’t fall into the protected class outlined by HIPAA. Mobile electronics, like laptops and smartphones are a prized target of thieves, on top of being ridiculously easy to damage and/or misplace all on their own. If your laptops are used heavily on the road, you should consider encrypting some or all of the data on the device, as well as making sure employees are using physical security devices like cable locks whenever the laptop is set down for more than 5 minutes, even if in a “secured” working environment. If your smartphone has access to any company or customer data, you should have auto-locking enabled and at least a 6-digit pin or password to unlock it. Cable locks won’t stop a determined thief, but it will deter most casual theft, and data encryption + passwords will make sure you never have to have that meeting with a client (or worse, a prospect) to let them know that their data might be at risk.
Image courtesy of “cooldesign” / FreeDigitalPhotos.net