Thursday, February 22, 2007

Laptop Stolen from Local Hospital Contains Information on 8K

Via News8Austin (local) -

Nearly 8,000 uninsured patients who were treated at Seton hospital system facilities are being warned to watch for signs of identity theft.

A laptop containing personal information was stolen last week from an office in the system's information services department in Austin.

A security camera captured video of the thief carrying out a laptop and projector and that information has been provided to the Austin Police Department.

A Seton system official says the computer doesn't contain patient health information. But it can contain names, birthdays and Social Security numbers of uninsured patients who went to Seton-owned emergency rooms, outpatient services and area health clinics since July 2005.

However, the information isn't easily available because it is protected by a “complicated password protocol.''


Seton plans to send letters beginning this week to affected patients. The hospital system has set up a toll-free number and website for anyone seeking more information: (888) 325-3456.

-----------------------------------------

However, the information isn't easily available because it is protected by a “complicated password protocol.''

Ummm, This is a perfect example of what I was talking about in my blog this morning.

This single sentence makes me assume that if the data was encrypted, they would have said that...instead of talking about the "complicated password".

Hopefully they aren't referring to the Windows login password.

Do you think they disabled LM hashes? Or do you think the password was long enough to ensure LM hashes were not created? If they are talking about the Windows password, then the attacker could easily throw the laptop drive as a secondary drive on a desktop....and

Bang! Pwnage.

No comments:

Post a Comment