http://federaltimes.com/index.php?S=3442638 By ELISE CASTELLI FederalTimes.com March 24, 2008 Personal data on a stolen National Institutes of Health laptop was not secured by encryption measures, as federal regulations require. As a result, medical data on nearly 2,500 patients is at risk following the February theft of a laptop from the locked trunk of a laboratory researchers car. The [National Heart, Lung and Blood Institute] recognizes that such information should not have been stored in an unencrypted form on a laptop computer, said Elizabeth Nabel, director of NHLBI, a division of NIH. However, at the time of the theft, the laptop was off and protected by a password that would take considerable computer sophistication to crack, she said in a March 24 statement. Letters to affected patients participants in a cardiac MRI study between 2001 and 2007 didnt go out until March 20, nearly a month after the computer was reported stolen. The NIH Center for Information Technology determined that the theft was random and there is a low likelihood that patients identities would be stolen, Nabel said. NIH is working to improve data security following the data loss. All NHLBI laptops will be encrypted according to Office of Management and Budget rules, she said. ___________________________________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Tue Mar 25 2008 - 00:26:08 PST