2,000 health records of public school students in Fairfax Virginia have been compromised after an unencrypted laptop and paper records were stolen from a school nurse’s car.
Even though the nurse had the authorisation to have records at home and in the car, they violated protocol by not securely storing the paper files in a locked briefcase. Also, electronic data is to be stored on encrypted portables devices and not a computer’s hard drives.
It’s most likely that this was an unplanned attack, where a criminal saw the opportunity to steal valuable equipment and information, but without knowing what information the laptop and paper records held.
The nurse will face disciplinary action, and the schools will come under heavy fire from parents of the students whose information was exposed.
This incident could have been prevented if the nurse followed protocol, and it goes to show that staff training is vital – especially when handling sensitive information. Training your staff once isn’t sufficient; you need to continuously train your staff to ensure that they follow company policy and procedures without fail.
Find out more about staff training with our Information Security E-Learning Course, specifically aimed at reducing the likelihood of data breaches caused by human error.