Interesting with regards to how vulnerable laptops, and mobile devices are, but doubtful as to how many records become available for identity theft / fraud usage.

We actively track data breaches from all organizations, and by far the largest breaches are from web based attacks. the average laptop device yields a few thousand, while the web attacks are yielding tens of thousands up to several hundred thousand data records. these types of breaches will more likely find their way into the hands of the active fraudsters more than a lost / stolen laptop, although this is not intended to play down the laptop problem.

The key concern is that the majority of sensitive data that is on laptops shouldn't be there in the first place. Any sensitive data on laptops needs to be encrypted with strong controls over access to keys.

In many cases, the medical establishments are being fined for such data losses, but this is of no consolation to the individuals impacted by the issue.

I agree that prevention is the way to go, but unless you understand the risk and associated impact - customer / patient / financial / bottom line, you will never know where to focus your prevention activities.

Implement a Risk Assessment program - integrate this into your HIPAA program and it will be a good starting point.

Best Regards
David J Coombes - ExoIS, Inc.

Medical fraud does not only affect your financial record, but it could affect your actual medical record. Many patients find discrepancies on their hard copy medical records after a data breach. Individuals steal medical identities to avoid having to pay for health care. For example if someone has stolen your medical identity then your blood type could be listed on your medical record as that individual's rather than your own. This includes all your medications and allergies to medications making your health record dangerous to you. Emergency personnel, nurses and doctors all treat you based off of your medical record and if it is compromised these medical providers could make a costly mistake. Take your health care into your own hands with a mobile medical record device called the LifeGuard30. The LifeGuard30 ensures that your medical records are on the scene of an emergency or hospital visit. Because you are the one who controls the information on the system, emergency personnel can use the LifeGuard30 as an extra precaution when treating you and save time because all of your information is already there. In light of all the recent security breaches take the extra step when it comes to your health and safety and take it into your own hands.