2015 has passed without any large data losses as a result of lost or stolen computers. The previous 10 years are a different story. It can be tricky for businesses to protect from this type of security breach even if your company knows about the risk. In this article, we’ll explore three cases of computer theft that had major repercussions for the businesses in question. Then we’ll talk about how you can keep your documents safe.
Department of Veteran’s Affairs Pays a $20 Million Settlement
In 2006, a data analyst from the Department of Veteran’s Affairs took home a work laptop. It’s unclear whether this was the first time or a normal occurrence. According to the news, the employee took the computer home without permission from the employer.
The laptop and its external hard drive housed the personal information of about 26.5 million active duty troop members and veterans. The information included names, birth dates, and Social Security numbers for each one of these people. Then the laptop was reported stolen.
Fortunately, later investigations by the FBI led to the recovery of the laptop and hard drive. The thieves were apprehended, too. But there is still a chance that the data was accessed and misused. That’s why the V.A. had to face a class-action lawsuit that was eventually settled for $20 million.
Under the terms of the settlement from 2009, only people who can show that they were harmed as a result of this data loss will receive compensation. The $20 million are not coming out of the department’s pockets. Instead, the treasury and its taxpayers will fund this enormous bill.
Interestingly, not all cases of computer theft end in large settlements. Sutter Health was luckier.
Sutter Health Sued Over Data Breach Involving Over 4 Million Patients
In October of 2011, Sutter Health became responsible for the theft of personal data for 4.24 million patients. A thief or several thieves managed to steal a PC, mice, keyboards, and monitors by smashing a window of one of Sutter Health’s administrative offices in California.
The PC contained names, addresses, dates of birth, phone numbers, and email addresses for about 4.24 million patients. For some patients, information about medical procedures, prognosis, and health insurance information was also compromised. No Social Security numbers or credit card numbers were stored on the stolen PC.
At the time, Sutter Health was working on encrypting data but portable equipment was taking precedence. The only thing that stood between hackers and their access to this vast amount of information was a user password for the computer.
To date, the computer has not been recovered. However, unlike the lawsuit against the Department of Veteran’s Affairs, the victims of the Sutter Health security breach were unable to demand compensation. In 2014, the California Third District Court of Appeal dismissed the lawsuits because the loss of possession is not a breach of confidentiality.
In this case, the court’s decision implies that having data stolen isn’t enough to cause a problem since there is no proof that it was misused.
Thieves Steal Hardware with Personal Data for 100,000 Patients
Crescent Healthcare, a Walgreens company, became the victim of a theft in December of 2012. According to the company, an unknown thief or group of thieves broke into the company’s offices and stole computer hardware believed to contain the personal information of about 100,000 patients.
The stolen information included names, addresses, phone numbers, Social Security numbers, health insurance data, dates of birth, and clinical diagnoses. Surprisingly, authorities weren’t notified until three days after the break-in.
This wasn’t Walgreens’ first HIPAA breach nor was it the first theft of patient records. According to representatives of Crescent Healthcare, the company is increasing security and employee training as a result of the breach.
Why Physical Security Is As Important As Cyber Security
Most companies understand the risk of hackers when it comes to their electronic documents. But not every organization is thinking about loss of data through theft. It’s important to adequately secure physical property as well as the information it houses.
It’s not enough to rely on user passwords to protect sensitive data. You also shouldn’t save passwords in an unencrypted text document on your computer because that can easily be seen by anyone. Last but not least, it’s important for your organization to create and enforce adequate policies and procedures for appropriate document management that reduce the likelihood of theft and potential negative fallout in case of theft.
How eFileCabinet Keeps Your Document Safe
When you store your document in the cloud with eFileCabinet, you don’t need to back them up on computer as well. This means that a stolen computer wouldn’t necessarily compromise the security of your files. However, eFileCabinet still recommends keeping your computers locked away safely. If you store personal information about your customers, then you should ensure that your employees keep their laptops with them at all times. Never leave them unattended in a car or public place.