The University of Texas MD Anderson Cancer Center recently issued a notice that they have suffered a data breach putting as many as 30,000 patients at risk. Experts predicted that healthcare data breaches would reach "epidemic proportions" in 2012 and we are certainly seeing a continuation of large breaches in this industry. This particular breach offers many opportunities for improvement, which we will go over.
According to the note, an unencrypted laptop was stolen from a MD Anderson employee's home; police and MD Anderson were notified of the theft on May 1st. After outside forensics experts were called in, MD Anderson was able to confirm that the laptop contained patients' personal information including names, medical record numbers, treatment / research information and some Social Security numbers.
There is a lot we can learn from this breach about things MD Anderson could have done better, including:
If you work in healthcare, read more about how Absolute Software can help you best meet your endpoint security and management needs.