Sections
Neighborhoods
Features
Follow Us
NHI Newsletter
Legal Notices
Some Favorite Sites
- 5 Snacks After 10
- Abram Katz
- African independent
- At Risk for HD
- Back To Basics
- barista
- Branford Eagle
- Business NH
- Conn Art Scene
- Cornwall-On-Hudson
- Crosscut
- CT Business Litig
- CT Capitol Report
- CT Energy Blog
- CT Enviro Headlines
- CT Green Scene
- CT Law Tribune
- CT Local Politics
- CT Mirror
- CT News Junkie
- CT Watchdog
- CTV
- Design New Haven
- Gotham Gazette
- Hartford Guardian
- Josiah Brown
- Karman Turn
- La Voz Hispana
- Laurel Club
- Len's Lens
- Magrisso Forte
- Media Attache
- Media Nation
- Medical Intelligence
- Middletown Eye
- MinnPost
- My Left Nutmeg
- NBC Connecticut
- NH Advocate
- NH Register
- NH Review of Books
- NH Youth Map
- Northampton Media
- OneWorld
- Only In Bridgeport
- Oral History Project
- Reddit NH
- Road To Greenness
- Saved By Design
- See Click Fix
- Smartpill Design
- Specials In NH
- St. Louis Beacon
- Taste Of NH
- Tom Ficklin
- Valley Independent Sentinel
- Voice of SD
- VT Digger
- WFSB-TV
- WPKN Today
- WTNH
- Yale Daily News
- YourCT
Government/ Community Links
- Advocate Calendar
- Agency on Aging
- Animal Shelter Volunteers
- Arte Inc.
- Arts Council
- Beth El Keser Israel
- Bike New Haven
- Chamber of Commerce
- Children's Museum
- City of New Haven
- CitySeed
- Citywide Youth
- Community Loan Fund
- Community Mediation
- ConnCAN
- Creative Arts Workshop
- CT BAEO
- CT Tech Council
- Dariba Referrals
- Data Haven
- Elm City Cycling
- Elmseed
- Empower NH
- Friends Of Wooster Sq.
- GAVA
- Habitat For Humanity
- Info New Haven
- IRIS
- Jazz Haven
- Jewish Federation
- Job Finder
- Junta
- Labor History
- LEAP
- Legal Aid Network
- Literacy Coalition
- Magrisso Forte
- Mary Wade
- Music Haven
- New Haven 828
- New Haven Chorale
- New Haven Reads
- New Life Corp.
- NH Bulletin
- NH Land Trust
- NH Symphony
- NH/Leon Sister City
- NHS
- Orchestra NE
- PAR
- Parents Available to Help
- Pat Dillon
- Peace News
- PechaKucha
- Planned Parenthood
- Police
- Promoting Enduring Peace
- Public Allies CT
- Public Library
- Public Schools
- Public Works
- Rainbow Girls
- Register Calendar
- REX
- ROOF
- SAMA
- SCSU Events
- Share Our Voices
- Shubert
- Solar Youth
- Soul-O-Ettes
- Squash Haven
- United Way
- Urban Design League
- Urban Resources Initiative
- Ward 25 Blog
- Ward 26 Blog
- Westville Chabad
- Westville Renaissance
- Westville Synagogue
- Workforce Alliance
- Yale Events
- Yeshiva NH Shul
- Yeshiva Of NH
- Youth Continuum
Blumenthal Investigates Yale Security Breach
by Staff | Aug 18, 2010 5:34 pm
(4) Comments | Commenting has been closed | E-mail the Author
Posted to: Health Care
Attorney General Richard Blumenthal wants to know why a Yale Medical School laptop computer disappeared with the personal health records of up to 1,000 people.
Blumenthal announced Wednesday afternoon that he’s launching an investigation into the causes of the incident and into whether it involved the violation of state or federal law.
“This breach—similar to recent breaches by others—must be a reminder to guardians of sensitive health information about their significant legal and moral obligation to protect privacy,” Blumenthal declared in a written statement.
Yale notified Blumenthal about the disappearance on Wednesday.
The laptop disappeared from the office of a medical school data analyst the night of July 28, according to a release issued by Yale Wednesday. The computer is password-protected but not encrypted.
Yale and city police have been investigating the incident. Yale has been notifying people whose records were in the computer.
“No Social Security, financial or insurance numbers were contained in the computer’s files,” Yale’s statement read. “While access to the stolen laptop was protected by a password, the laptop was not encrypted.”
“We deeply regret this incident. The School of Medicine considers the privacy of its patients of paramount importance,” the release quoted medical school Dean Robert Alpern as saying. “In addition to affirming all of our existing measures to protect patient privacy, we are moving to introduce immediately several security upgrades.”
Post a Comment
Comments
posted by: Ronald Solano on August 19, 2010 7:13am
While protection of health information would come under HIPAA, there is always the question about an organization that allows personal health and other sensitive information on laptops and not taking measures to protect that data. Data that may be protected on a sever can be exposed when downloaded to a laptop that is not protected. Simple Password protection is passe in todays world. The laptop that stores sensitive information must also be protected from offloads to unprotected stick drives etc. Preventative controls ‘may need’ to be in place to prevent offloads to stick drives.
posted by: Bill on August 19, 2010 8:00am
I’m glad the Attorney General is looking into whether stealing a laptop computer is against the law. We need to know this.
posted by: Janice Taylor-Gaines on August 19, 2010 10:42am
Great article highlighting the need for everyone to have a much higher computer/data security awareness. Everyone needs to be a mini-Security Officer today. Check a (free) blog, “The Business-Technology Weave” (can Google to it) - it reflects what this article is saying. The majority of breaches are due to human error, therefore awareness and common sense are key, in supporting all necessary best practices. The blog author also has a book we use at work, “I.T. WARS” (you can Google that too). It has a great Security chapter, and others that treat security. Highly recommended. Great stuff.
posted by: Anon on August 19, 2010 5:56pm
. “In addition to affirming all of our existing measures to protect patient privacy, we are moving to introduce immediately several security upgrades.”
Affirming existing measures? You’re way too permissive! It’s not taken seriously enough.
The handling of laptops with health info on them is covered in various procedures, some federal, on Yale’s website in PDF files and the NHI should have consulted those. They are specific. They aren’t optional.
Among the requirements are these:
The data is REQUIRED to be encrypted;
Also, a locking cable is REQUIRED to be used to prevent laptop theft in some environments, possibly including internal offices. (?)
Guidelines are spelled out online. Anyone can read them, access them and, most importantly, follow them. They arenn’t complicated.
