Cedars-Sinai Medical Center

Unencrypted laptop theft in Cedars-Sinai

August 22nd, 2014

Cedars-Sinai Medical Center in Los Angeles suffered data breach when an unencrypted laptop was stolen. According to the reports, incident has compromised more than 500 patients’ data. Laptop contained information which included protected health information (PHI) such as medical record numbers, patient identification numbers, lab testing information, treatment information and diagnostic information, as well as some patient social security numbers.

Laptop was stolen from employee’s home and the whereabouts are still unknown. Cedars-Sinai removed remote access to its network from the laptop and is notifying affected patients via letter. Medical center has organization-wide device encryption policy in place.

“Cedars-Sinai retained independent experts in computer forensics to manually and electronically review the files that may have been on the laptop at the time of the theft and to identify any Cedars-Sinai patients whose information may have been stored on the stolen device,” the statement read. “This investigation is ongoing.”

Earlier, encryption software was not installed when laptop’s operating system was updated and thus resulted in policy violation.

“Cedars-Sinai takes the security of our patients’ health information very seriously, and has multiple security safeguards in place to protect health information,” said David Blake, Cedars-Sinai’s chief privacy officer. “Even a potential data security incident on a single computer, as has occurred here, is not acceptable to us. We apologize to the people affected by this incident, and have taken actions to prevent any re-occurrence.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.