Was sensitive data stolen along with laptop encrypted?
Published: Thursday, September 1, 2005 at 6:01 a.m.
Last Modified: Thursday, September 1, 2005 at 12:00 a.m.
This regards the Aug. 27 front-page article about the theft of a laptop computer with data on patients of University of Florida physicians. The data includes names, Social Security numbers, dates of birth and medical record numbers.
The theft of the laptop has potential for identity theft, which, if it occurs, is a dreadful experience for the victims. I am alarmed because I am one of those patients, although I did not receive the letter from UF Privacy Officer Susan Blair that is cited in the article.
Your article fails to mention whether the data on the laptop was encrypted and therefore can be used only by a person who has a key to decipher the encryption. This kind of reporting is careless.
A company, like ChartOne of Boston, just cannot be allowed to ship laptops with customer-sensitive data that is not encrypted. If the data was encrypted, then your careless reporting has caused many people unnecessary grief. If the data was not encrypted, then ChartOne of Boston is guilty of criminal negligence, and that should be reported too.
According to your article, those who received the letter from Susan Blair were asked to contact the three major credit card reporting agencies to put a fraud watch on their accounts. One of the patients whose information was in the database said she has spent $300 to put fraud alerts on accounts held by her husband, daughter and herself. This is highly unfair.
If the data was encrypted, then I see no need for fraud alerts. If the data was not encrypted, I strongly feel that ChartOne should help potential victims to get the fraud alerts in place, and should pay for the cost.
Comments are currently unavailable on this article