If you think you've been hearing a lot lately about missing laptops from the Department of Veterans Affairs, it's because CIO Roger Baker since May has been holding monthly briefings on information security within the department.
On Friday, Baker reported that more computers were lost in August, yet something was different this time.
For one thing, it wasn't just one laptop that went missing, but 10. And, fortunately, Baker believes no personal information was compromised. (Contrast that to a 2006 theft of a laptop that contained healthcare and other personal data on more than 26 million veterans.)
One of the lost computers was used to help design prosthetic devices and only contained "dummy" data for test cases, NextGov reports. Another disappeared from a supposedly secure storage room, where an IT staffer had earlier been installing software -- but no patient data -- on new machines.
Most importantly, though, seven more of the lost laptops were encrypted, according to the VA report. The one taken from the storage room was due to be encrypted, too.
I know encryption can be expensive, but come on, it costs far less than a significant breach would. Fines for HIPAA breaches have gone up, and states now have the authority to enforce federal healthcare privacy regulations. Lose patient data in a careless manner and you'll probably have to pay for credit and identity monitoring for the affected individuals. Not to mention, your reputation will take a hit.
Let's face it, if a portable device is to store or process protected health information, can you really afford not to encrypt it? - Neil