Stop us if you’ve heard this one before: A laptop is stolen, and the theft results in the owner’s personal data being accessed by a threat actor. All of the user’s private data, financial records among them, is made publicly available because little more than a weak, easy-to-bypass password stood between the attacker and the data.
Now let’s take this scenario one step further by changing the laptop to one owned by a healthcare professional. This one small change creates a huge problem for the owner and the healthcare organization they work for. Additionally, it may have violated the Health Insurance Portability and Accountability Act (HIPAA) regulations that govern all healthcare stakeholders and the devices that process and store patient data and records.