Computerworld
Quick Menu
Search



Ads by TechWords

See your link here


Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.
Finance
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
More E-Mail Newsletters 

Computerworld 2007Subscribe to Computerworld
40 years of the most authoritative source of news and information for IT leaders.

Laptop with info on heart patients stolen from federal researcher

NIH unit's head says risk of identity theft is low, but she promises increased security measures

By Jaikumar Vijayan
Comments
2
Recommended
277

Active Comments

Anonymous says: Every time I see comments like the ones in this story, it's a red flag for how lax the security...
Read the rest | Reply
Anonymous says: since it aint encrypted can a person jus take out the hd and connect it using an external hd and...
Read the rest | Reply
All Comments (2) | Post New


Zone

Featured Zone
The Security Zone

With the mobility of employees and the ease with which external devices can be brought in and out of a network, continuing to build your security plan for network servers and clients is a must. Fortunately, there is much that organizations can do to protect themselves from attacks - internal and external. Having the right policies, procedures and server configurations is critical...

Learn more in The Security Zone
See All Zones

March 24, 2008 (Computerworld) Unencrypted medical information of about 2,500 participants in a cardiac study conducted by the National Heart, Lung and Blood Institute (NHLBI) may have been compromised by the theft of a laptop PC last month.

The potentially compromised information includes the names, birth dates and hospital medical record numbers of the study participants, as well as data from reports about cardiac MRI procedures performed on them, the NHLBI said in a statement issued today. The MRI reports contain information such as heart measurements and diagnoses, according to the statement, which was attributed to NHLBI Director Elizabeth Nabel.

However, Nabel added that no Social Security numbers, addresses, phone numbers or financial data were stored on the laptop. In addition, the system was password-protected. As a result, the theft of the laptop poses a "low likelihood" of identify theft or misuse of financial data, she said.

Nonetheless, Nabel apologized for the failure to encrypt the data on the stolen laptop. And she said that the NHLBI, which is part of the National Institutes of Health (NIH), is working to ensure that all of its researchers have encryption software on their laptops and that they use the technology.

"Although the laptop was turned off and password-protected, so that retrieving the confidential information would require considerable computer sophistication, the NHLBI recognizes that such information should not have been stored in an unencrypted form on a laptop computer," Nabel said as part of the statement.

The Bethesda, Md.-based NHLBI does research on the causes, prevention and treatment of heart, blood and lung diseases. The study in question involved the collection of data from cardiac MRI procedures done from 2001 to last year at NIH facilities and at Bethesda-based Suburban Hospital.

According to a story published by The Washington Post on Monday, the laptop was stolen on Feb. 23 from the locked trunk of a car belonging to the laboratory manager who oversees the NHLBI's cardiac MRI research program.

Nabel's statement didn't mention the date of the theft, but it noted that an internal review board at the NHLBI decided March 4 that the participants in the study should be notified of the incident. A notification letter was approved last Thursday and then sent via overnight delivery to each of the affected individuals for whom the institute had a current address.

The statement issued today didn't explain why the NHLBI took more than two weeks to issue the notices after the review board made the decision that they should be sent out. Officials at the institute didn't immediately return calls seeking comment on the matter.

As part of its efforts to boost security following the theft, the NHLBI has also "emphasized" to staffers that storing patient names and identifiable medical information on laptops is prohibited, Nabel said. In addition, she said that the organization will continue to "strongly" enforce a requirement that all workers take regular computer security training courses.



Make a Comment Recommend Story Slashdot this Digg this
Print Story Send Feedback Email this Reprints

Related Content

Webcast: Dynamic Data Center and Virtualization Drives Operational Excellence at Emory Healthcare
Whitepaper: IronPort Encryption Technology: Safeguarding Business Email

CW Report: An Apple for Your Enterprise?
Is there a hidden cost to data protection?
Global News Update: Monday, December 1, 2008
NHS' grim catalogue of data breaches
Global Dispatches
Who's been reading my cell-phone records?

Today's Top Stories

Clues point to Jan. 13 release of Windows 7 beta
Microsoft releases Vista SP2 beta
Obama's DHS pick may find support for raising H-1B cap at confirmation hearing
IBM wants info from Apple execs in Papermaster case
License server glitch exposes SonicWall users to e-mail security threats
Report: Former AOL chief exec tries to raise funds to buy Yahoo

What People Are Saying

See comments | Add new
See comments | Add new

Resource Alerts

to receive Security Resource Alerts

Webcasts

Web Threats Don't Discriminate

The Secure Web Gateway. Mission Critical For Business

Dynamic Data Center and Virtualization Drives Operational Excellence at Emory Healthcare

Whitepapers

Learn How to Think Ahead of Attacks and Protect your Data For the Future

IronPort Web Reputation Filters Tech Note

IronPort Encryption Technology: Safeguarding Business Email

Computerworld Reports

Compterworld Technology Briefing: Intelligent Users Use Business Intelligence

Computerworld Report- Large Enterprises Pay More for IPAM

An Apple for Your Enterprise?

Editor's Picks

Clues point to Jan. 13 release of Windows 7 beta

Microsoft releases Vista SP2 beta

Obama's DHS pick may find support for raising H-1B cap at confirmation hearing

IBM wants info from Apple execs in Papermaster case

License server glitch exposes SonicWall users to e-mail security threats

Report: Former AOL chief exec tries to raise funds to buy Yahoo

Shark Bait
View Shark BaitFired up about IT? Join Sharkbait and share your true tales of IT. SharkBait is the place for you to sound off about everything IT – the good, the bad, and the rest of the weird stuff you deal with every day.

New baits
Shark Bait
Webcast

Turning information into a Competitive Advantage "Turning information into a Competitive Advantage"

Companies today are realizing that competitive advantage is harder to sustain when based solely on gains in productivity and cost efficiency. The focus is shifting to invest more in business optimization initiatives which rely on trusted information to develop new insights that deliver better business results. But how can this be done efficiently in a business environment across multiple applications and processes. The answer is an Information Agenda - an innovative approach to transforming business information into a strategic asset for competitive advantage.

View this webcast now! more

See more Webcasts more
TODAY'S TOP BLOG
Patrick Thibodeau:
Satellite images of U.S military bases Which is more important? Helping terrorists or protecting military bases? Answer: protecting Web 2.0 ... [more]
White Papers
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
The 2008 ERP in Manufacturing Benchmark Report Summary
IronPort Web Reputation Filters Tech Note
Designed to Manage Lean Principles
View more whitepapers 
 


Webcast: The Automation of IT Compliance Programs: Reducing Risk, Cost and Complexity of Corporate Compliance
To meet the growing number of industry and federal regulations, businesses spend significant time, effort, and budget determining how to best meet continuously evolving IT compliance requirements this new Forrester Research and Juniper Networks Webcast led by industry experts who examine global IT security and compliance trends, common IT compliance issues and challenges, and best practices for successful IT compliance programs.

View this webcast 
Whitepaper: Tackling the Top Five Network Access Control Challenges
The major challenge enterprises face today is how to create innovative business models and to increase productivity by opening the network to a dynamic workforce, while at the same time protecting critical assets from the vulnerabilities that openness and user mobility bring. In addition, to comply with industry and governmental regulations, enterprises must prove that they have stringent controls in place to restrict access to sensitive data. This paper describes the top five networking access control challenges that companies like yours are facing and solutions that they are deploying today.

Download this white paper 
Whitepaper: Addressing PCI Compliance with a Comprehensive Network Access Control Solution
The Payment Card Industry (PCI) is one of the most comprehensive data security standards in a cluster of regulations that have emerged over the past decade. Meeting its requirements is both complicated and expensive for many companies. Learn how a comprehensive access control solution allows retailers and consumer organizations adhere to the core tenets of PCI, and delivering the necessary information and reports needed for compliance audits.
Download this white paper 
Whitepaper: Control System Cyber Vulnerabilities and Mitigation of Risk for Utilities
Today's global industrial infrastructure includes thousands of electric utilities, water/wastewater management companies, oil and gas suppliers, chemical manufacturers and other facilities critical to daily functioning. Learn why relying on off-the-shelf operating systems and Internet-based remote access control to carry out production tasks, traditional control networks can leave today's global industrial infrastructures vulnerable to hackers, extortionists, worms, viruses and application-level attacks. Deploying network-based security can protect these at-risk systems–without requiring infrastructure replacement.
Download this white paper 
About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDG Connect IDG World Expo Infoworld
The Industry Standard ITworld JavaWorld LinuxWorld MacUser Macworld Network World PC World Playlist
Copyright © 2008 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.