Tuesday, September 24, 2013

Health care and insurance companies on the hook if they don't encrypt PII on laptops; what about working from home?

A major health care provider in Illinois is the object of a class action law suit after four of its laptops or PC’s were stolen.  The problem was that the data on the hard drives was unencrypted.

That means anyone could use the PII on the four computers from Advocate Health Care.

There is a story Sept. 10 Sophos (the anti-virus provider allied with Webroot) by Paul Ducklin here
When I worked for a life insurance company, mostly in the 1990s, it was common for employees to do production support from home, and some, including me, often used personally owned laptops, which in the environment at the time sometimes offered legal advantages.  That’s not so now. Obviously this would be a risk.

ABC has reported that much medical identity theft seems to report in India because so much work is offshored. 

A few companies offer customer service jobs to people to work at home with their own computers, and I wonder if the PII data on home computers is encrypted.  This sounds like a new security wrinkle that can affect the home job market.  

No comments: