In two recent incidents, three laptops filled with healthcare data went missing in Gainesville, my former home. As a consequence, 220,000 people have personal and medical information which may be in undesirable hands:
- AvMed: Data of 208,000 at risk after Gainesville theft
- Stolen Shands laptop had info of 12,500 patients
I found out about the first incident because Erin and I are one of the 200,000 people whose data is at risk, and we got a letter from AvMed about it. I noticed the second looking for more information about the AvMed thefts.
Once again, I find myself angry because of the timing. The AvMed laptops were stolen on Dec. 11. We got our letter in mid-February: more than two months later. Along with a bunch of smarmy-ass corporate doublespeak, the letter included an offer for identity theft protection at AvMed’s expense. Um… thanks!
Hey, sorry we’ve burned down your house eight weeks ago… how about a free fire alarm system?
The AvMed letter also neglected to mention a key detail which comes out in theĀ Sun article: the thief was likely an AvMed employee:
A company security employee reported at 4:20 p.m. that two Dell laptops had been locked in a conference room after staff left at 5 p.m. Dec. 10 and that the door remained locked during each security check and when staff returned at 8:30 a.m. Dec. 11, said Alachua County Sheriff’s Office spokesman Art Forgey.
The employee said the only people with keys are security staff and cleaning crew.
“We don’t want to jump to any conclusions,” said AvMed spokeswoman Cochita Ruiz-Topinka when asked if the thefts were an inside job.
You don’t want to jump to conclusions. Thanks, Cochita. So just how did the laptops vanish, then?
Encrypt all your data, folks. On every laptop. On every desktop. On every server. Now. It isn’t hard. If your IT people are too stupid to do it, fire them and get new people. If your management is too stupid to do that, it’s time for new management.