A laptop stolen from a member of the faculty of New Orleans School of Medicine has exposed patient data of citizens living in Mississippi and Louisiana. The laptop was stolen from a doctor’s car and the doctor reported the laptop as stolen to the police and to the university.
Leaving company issued devices in vehicles is a practice that firms should restrict through policy and severely enforce non-compliance. The university did not have a published standard and policies for their employees to adhere to and the laptop was not encrypted. As we compile the facts, these mishaps/violations will lead to very hefty fines.
The root cause of the problem is two fold, technical and non-technical. Hopefully this issue will educate companies to the fact that information security is not information technology and total security comprises a multitude of segments in order to secure an organization.
Please contact us for more information!