Security Experts:

Unencrypted Laptop Stolen From Home Health Monitoring Firm Puts 116,000 At Risk

Just days after NASA warned that a laptop containing unencrypted sensitive employee information was stolen from the space agency, another large organization has come forward and acknowledged a similar incident, also involving a stolen laptop loaded with sensitive personal information, and resulting in many individuals being put at risk.

Late Tuesday, Alere Home Monitoring, a Waltham, Massachusetts-based provider of anticoagulation monitoring and management services, said that a company-owned laptop containing sensitive individual information, including names, addresses, dates of birth, Social Security numbers, and diagnosis codes had been stolen.

The company said that it has notified approximately 116,000 individuals about the data loss incident, and is now reaching out to the media.

According to Alere, the laptop was taken from a locked vehicle belonging to an Alere employee.

In typical post-breach fashion, the company is offering impacted individuals free credit monitoring service for one year, but said they see no reason to believe that the information on the stolen computer has actually been accessed or inappropriately used. Unfortunately, that’s impossible to tell, and if it did fall into the hands of a savvy criminal, many could be at risk of ID theft.

While Alere may be unfamiliar to many, it’s no small company. Publically traded Alere (NYSE:ALR) currently supports a market cap of nearly $1.5 billion and announced earlier this month that it had net revenue of $691.4 million for the third quarter of 2012.The company claims that it has helped over 10,000 clinicians track 450,000 patients and 30 million INR tests.

The company said that in response to the incident, it has bolstered its information security program by deploying encryption to laptops that connect to its corporate network. In addition to other measures, the company said it would provide additional education to its staff.

“CIOs need to remember that just encrypting a laptop solves only a fraction of data breach risk,” Mark Bower, data protection expert and VP at Voltage Security told SecurityWeek recently.

“Data moves to and from laptops – in emails, files, and as data to and from applications and servers. So while encrypting a laptop might be a first reaction, with attackers going after data in flight and the risk of accidental breach through multiple channels (whether its data at rest, in use or in motion), wherever there’s a security gap with data in the clear, it’s vulnerable to compromise,” Bower explained. “It’s important for CIOs to consider new and more effective ways of preventing breaches – for example, data-centric security.”

An Alere Home Monitoring spokesperson did not immediately respond to SecurityWeek’s request for comment.

view counter
For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.