U.S. HealthWorks, a Dignity Health member, is notifying employees that one of their fellow employees screwed them by leaving a laptop with their unencrypted name, address, date of birth, Social Security number, and job title in a car, from where it was stolen overnight.
Well, they don’t describe it that way, but that’s the net result, isn’t it?
The theft occurred on April 21, and U.S. HealthWorks learned of it on April 22nd.
Why the employee left a laptop with their unencrypted information in a car overnight was not explained.
Why the data were unencrypted was unexplained.
The number of employees affected was not disclosed.
Whether the employee was disciplined in any way for this was not mentioned.
But U.S. HealthWorks wants its employees to know that it is “committed to maintaining the security and confidentiality of our employees’ information” and that the laptop was “password protected.”
U.S. HealthWorks also wants its employees to know that it has no reason to believe any of the information has been accessed or misused, although they don’t state whether there was any software on the laptop that would phone home in the event of access.
They also want employees to know that in “an abundance of caution,” they are offering said employees one year of Experian’s ProtectMyID service.
(How many stock phrases can their notification letter contain?)
Going forward, U.S. HealthWorks will “enhance” their procedures related to deployment of laptops and full disk encryption. It is not clear from that wording whether there was actually any encryption policy in place at the time of this incident that was violated and whether the laptop in question was supposed to have been using FDE.
They will also implement regular surveys or audits to help ensure compliance with their laptop policy.
???? ???????????? ??? ?????????? ??? ???????????? ???? ????????? ???? ???????????????? ??? ???? ??????????? ????????????? ????????????????????????????????????????????????????????????????????????????????????????????