|
Posts: 121
Joined: April 2008
|
|
#48999
10/05/2012 9:04 AM
|
Joined: Oct 2011
Posts: 1,612
Member
|
OP
Member
Joined: Oct 2011
Posts: 1,612 |
Keep those laptops encrypted!!
Physician's Stolen Laptop Leads to $1.5 Million Settlement--this article appeared in Medscape today
jimmie
internal medicine
gab.com/jimmievanagon
|
|
|
|
|
Joined: Jun 2009
Posts: 1,811
Member
|
|
Member
Joined: Jun 2009
Posts: 1,811 |
Yep - full disk encryption is free/cheap, and worth the trouble.
Most loses aren't going to be this disruptive and costly, but I do know of a certain large healthcare company that brought in a team of pros to encrypt every laptop in their organization with 60 days after they had had laptops stolen and their CEO was summoned to DC to answer questions.
Cost them millions to remediate their problem.
|
|
|
|
|
Joined: Sep 2009
Posts: 2,981 Likes: 5
Member
|
|
Member
Joined: Sep 2009
Posts: 2,981 Likes: 5 |
Indy, is there an easy, inexpensive way to do this?
I don't have AC on the laptop itself, so no patient data is on the internal drive, but if I wanted to encrypt, what would you suggest?
Jon
GI
Baltimore
Reduce needless clicks!
|
|
|
|
|
Joined: Jun 2009
Posts: 1,811
Member
|
|
Member
Joined: Jun 2009
Posts: 1,811 |
Indy, is there an easy, inexpensive way to do this?
I don't have AC on the laptop itself, so no patient data is on the internal drive, but if I wanted to encrypt, what would you suggest? Inexpensive - yes Easy - that is a relative term  for me (or you), I would say it is easy, it just takes a few steps and attention to detail. If you think there is sufficient interest (or should be), I can spell it out. I'll mention in passing that there are tools to encryption portions of your disk, but that misses the point of what most bad actors are targeting. For those who target more affluent individuals/households, they are more interested in your browser and remote software than your patient data. A browser (or remote access) with saved passwords is like a master-key to all of your information and accounts. Scary. That is why I recommend an encryption tool like LastPass to vault your credentials. I'll also mention that on the enterprise side we have been brought in to deal with patient data theft, and that is often done with something more sophisticated like a spear-phishing attack. Not typical of how solo-small group practices are breached.
|
|
|
|
|
Joined: Apr 2011
Posts: 2,316 Likes: 2
G Member
|
|
G Member
Joined: Apr 2011
Posts: 2,316 Likes: 2 |
Windows 7 Ultimate/Enterprise has full disk encryption with bitlocker.
There's also the free True Crypt as well.
|
|
|
|
|
Joined: Jun 2009
Posts: 1,811
Member
|
|
Member
Joined: Jun 2009
Posts: 1,811 |
To a bad actor, nothing says "Buzz Off" when they open a laptop and expect the nice Windows log-on screen, and instead get a terse interface that says please provide credentials to decrypt.
Priceless.
|
|
|
|
|
Joined: Apr 2011
Posts: 2,316 Likes: 2
G Member
|
|
G Member
Joined: Apr 2011
Posts: 2,316 Likes: 2 |
Since a lot of people put everyone in the security permissions. It's probably easier to get on the wireless network and grab the data rather than stealing a computer. That's the preferred method nowadays.
|
|
|
|
|
Joined: Feb 2011
Posts: 679 Likes: 1
Member
|
|
Member
Joined: Feb 2011
Posts: 679 Likes: 1 |
Why not just use the fingerprint reader to lock down the laptop?
Donna
|
|
|
|
|
Joined: Apr 2011
Posts: 2,316 Likes: 2
G Member
|
|
G Member
Joined: Apr 2011
Posts: 2,316 Likes: 2 |
Ha, that won't help. Doesn't matter how complicated the Windows password is, it can be removed in minutes. They should do a demo at the ACUC.
|
|
|
|
|
Joined: Oct 2011
Posts: 1,612
Member
|
|
OP
Member
Joined: Oct 2011
Posts: 1,612 |
Since a lot of people put everyone in the security permissions. It's probably easier to get on the wireless network and grab the data rather than stealing a computer. That's the preferred method nowadays. Any suggestions on wireless network passwords, or is it the same logic as any password?
jimmie
internal medicine
gab.com/jimmievanagon
|
|
|
|
|
Joined: Jun 2009
Posts: 1,811
Member
|
|
Member
Joined: Jun 2009
Posts: 1,811 |
Since a lot of people put everyone in the security permissions. It's probably easier to get on the wireless network and grab the data rather than stealing a computer. That's the preferred method nowadays. Any suggestions on wireless network passwords, or is it the same logic as any password? If you are talking about about securing your wireless network, lock it down to the MAC IDs of the devices that are practice devices. Then set a 26 character (or your max length) password your device supports. Also WEP != security - takes second to hack.
|
|
|
|
|
Joined: Apr 2011
Posts: 2,316 Likes: 2
G Member
|
|
G Member
Joined: Apr 2011
Posts: 2,316 Likes: 2 |
Indy is completely right. WPA2/(EAP/RADIUS) is your best bet to avoid hackers trying to get in on the wireless. EAP/RADIUS is the method typically used to business wireless networks. Has controlled credentials like usernames and passwords instead of a pre-shared key.
Definitely listen to Indy and avoid WEP. It's extremely simple to hack. Unfortunately, it's still widely used.
|
|
|
|
|
Joined: Dec 2009
Posts: 1,197 Likes: 8
Member
|
|
Member
Joined: Dec 2009
Posts: 1,197 Likes: 8 |
Ha, that won't help. Doesn't matter how complicated the Windows password is, it can be removed in minutes. They should do a demo at the ACUC. I'm afraid I'm going to have to take issue with that remark. I know of a few laptops right now you'll never get into - at least not within our lifetimes. JamesNT
|
|
|
|
|
Joined: Oct 2011
Posts: 1,612
Member
|
|
OP
Member
Joined: Oct 2011
Posts: 1,612 |
Thanks Indy, Sandeep, and JamesNT--you guys are great!!!
jimmie
internal medicine
gab.com/jimmievanagon
|
|
|
|
|
Joined: Apr 2011
Posts: 2,316 Likes: 2
G Member
|
|
G Member
Joined: Apr 2011
Posts: 2,316 Likes: 2 |
Doesn't matter how complicated the Windows password is, it can be removed in minutes. I was referring to the Windows password as the sole means of authentication. Can easily be removed in minutes.
|
|
|
|
|
Joined: Dec 2009
Posts: 1,197 Likes: 8
Member
|
|
Member
Joined: Dec 2009
Posts: 1,197 Likes: 8 |
I know what you were referring to. The issue is that if a Windows system is properly configured, if you remove the Windows password - or change it - using a third party tool then files that account has access to become unreadable if encrypted with EFS - a built-in Windows tool.
Lastly, the vast majority, if not all, ways to remove or change the Administrator password - to my knowledge - require physical access to the machine in question.
JamesNT
|
|
|
|
|
Joined: Apr 2011
Posts: 2,316 Likes: 2
G Member
|
|
G Member
Joined: Apr 2011
Posts: 2,316 Likes: 2 |
The issue is that if a Windows system is properly configured, if you remove the Windows password - or change it - using a third party tool then files that account has access to become unreadable if encrypted with EFS - a built-in Windows tool. I'm aware ha. That's why I keep saying as the sole means of authentication. How many off the shelf laptops come with disk encryption enabled/"properly configured"? Very very few. Lastly, the vast majority, if not all, ways to remove or change the Administrator password - to my knowledge - require physical access to the machine in question. That's what the entire thread is about. We are discussing with laptop theft and measures you can take to secure your computer. Even so remote attacks are pretty common these days. A little VNC backhook and the hacker can see everything you see. Take over when you go to sleep.
|
|
|
|
|
Joined: Dec 2009
Posts: 1,197 Likes: 8
Member
|
|
Member
Joined: Dec 2009
Posts: 1,197 Likes: 8 |
Sandeep,
Quite correct on all points. I missed the "sole means of authentication" part. Apologies.
Security is a journey, not a destination. Unfortunately, most people see it as a turn to avoid altogether.
JamesNT
|
|
|
|
1 members (Headcase),
216
guests, and
19
robots. |
|
Key:
Admin,
Global Mod,
Mod
|
|
|
|
.png "ACUF Donor I")
