From: lyger (lygerattrition.org)
Date: Sun Mar 23 2008 - 21:09:44 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.washingtonpost.com/wp-dyn/content/article/2008/03/23/AR2008032301753.html

A government laptop computer containing sensitive medical information on
2,500 patients enrolled in a National Institutes of Health study was
stolen in February, potentially exposing seven years' worth of clinical
trial data, including names, medical diagnoses and details of the
patients' heart scans. The information was not encrypted, in violation of
the government's data-security policy.

NIH officials made no public comment about the theft and did not send
letters notifying the affected patients of the breach until last Thursday
-- almost a month later. They said they hesitated because of concerns that
they would provoke undue alarm.

The handling of the incident is reminiscent of a 2006 theft from the home
of a Department of Veterans Affairs employee of a laptop with personal
information about veterans and active-duty service members. In that case,
VA officials waited 19 days before announcing the theft.

[...]
_______________________________________________
Dataloss Mailing List (datalossattrition.org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]