Hospital Suffers Breach Stemming from Stolen Unencrypted Laptop


Enterprise security is not something to consider halfheartedly. When it comes to protecting your business, you can either take the necessary steps to defend your organizational infrastructure or face the very real possibility of attack. Many companies these days default to this latter option by shirking their responsibility to put in place safeguarding measures like strong authentication, certificate management and other protective strategies.

When a business like this is breached, company administrators invariably come out and say that customer security is a top priority and that steps will be taken to restore patron trust. But by the time a breach incident happens customer trust is often too damaged to salvage. In this way, a security episode can cause irrevocable damage to an enterprise’s reputation and therefore its business.

Hospital in South Carolina Latest Organization Left Red-Faced by Breach
When it comes to guarding patron trust, in fewer businesses is that more important than healthcare. After all, medical records constitute some of the most privileged data out there. Considering that, one would assume hospitals would take every reasonable measure to protect their data. Unfortunately, that’s not always the case.

Self Regional Healthcare in South Carolina is the latest hospital to suffer a breach that places patient data in jeopardy, according to HealthIT Security. In a notification to the South Carolina Department of Health, Self Regional admitted that over Memorial Day weekend an unencrypted laptop with patient records on it was stolen. It has not yet been determined exactly how many patients could be impacted, but estimates place the number at more than 500.

The specific nature of the information on the laptop is extremely privileged, and includes not only patient Social Security numbers and addresses but also insurance information and even specific data on health conditions and procedures.

Attempt at Contrition Falls Short
In typical post-breach fashion, the hospital’s president and CEO, Jim Pfeiffer, wrote in an official release that, “Self Regional takes the security of our patients’ personal information very seriously.”

Pfeiffer went on to state that the hospital is taking every measure possible at this stage to defend patient security and prevent the malicious use of data.

“We retained third-party computer forensic experts to assist with the investigation of this incident,” he said, adding that the hospital is attempting to maintain as much transparency as possible about its response to the incident moving forward.

“In an abundance of caution, Self Regional is providing written notice of this incident to affected individuals, to the U.S. Department of Health and Human Services, as well as to certain state regulators,” he said. “We are also publishing notice of this incident on our website and to major statewide media.”

But even after reading this response, a crucial question remains: How did this incident happen in the first place? That is, considering the data on the laptop was so private, why was the computer not properly encrypted? This is a question that the hospital will now have to account for on a very public stage, and its reputation will likely suffer as a result.


Entrust provides identity-based security solutions that empower enterprises, consumers, citizens and websites in more than 5,000 organizations spanning 85 countries. Entrust's identity-based approach offers the right balance between affordability, expertise and service. With more than 125 patents granted and pending, these world-class solutions include strong authentication, physical and logical access, credentialing, mobile security, fraud detection, digital certificates, SSL and PKI.


Add to the Conversation