AusCERT - Encrypted backups - an example in why

HOME

About AusCERT

Membership

PKI Services

Training

Publications

Sec. Bulletins

Conferences

News & Media

Services

Web Log

Site Map

Site Help

Member login

Encrypted backups - an example in why

Date: 28 April 2008

Click here for printable version
ComputerWorld is reporting that a University Hospital has had up to 2 million patient records compromised in a data breach.

The breach reportedly occurred when an backup tapes were stolen when the third party offsite backup company's truck was broken into whilst parked in the city.

If you have been considering the need for encrypting your confidential information on backup tapes - this is a great case in point. Also, it probably highlights the need to check your contracts with any third party offsite providers to ensure that there is adequate protection for your information, and sufficient recourse available in the event that the unthinkable happens.

The related issue of encryption of data at rest on servers should probably be considered in the light of this sort of theft, as laptops, desktops and even servers have been stolen in the past - full of confidential information.
Even without specific Australian legal requirements pertaining to breach reporting, you would be wise to consider the potential PR impacts of a breach - as this sort of information has a way of getting out.

Lets hope everyone has encrypted backups - if not now then at least going forward...

Cheers

Karl