Data loss is a growing problem in the healthcare industry. Sites such as HealthcareInfoSecurity regularly publish news headlines about data breaches, and patient-related breaches are chronicled on Health and Human Services' "Wall of Shame" for institutions that have suffered breaches affecting 500 or more patients.
In order to protect the institution's information and community, ITS enforces Policy 11.06 for Laptop Encryption. All Information Technologies & Services (ITS) tagged laptops must be encrypted using the ITS-managed encryption system, otherwise known as Whole Disk Encryption at no additional charge.
What is Whole Disk Encryption?
Whole Disk Encryption (WDE) provides strong protection for a computer hard drive by making data inaccessible to those without proper access credentials. Additionally, encryption exempts WCMC from reporting requirements in the event of a theft or loss under the Information Security Breach and Notification Act, and it meets many of the security standards defined under the HIPAA Security Rule.
Encryption is available for both Windows and Mac OS X systems. A complete FAQ page can be found here.
Encryption for Windows
Pretty Good Privacy (PGP) is an industry standard encryption system that has been in use in academia for over 20 years. It was recently purchased by Symantec.
Encryption for Mac OS X 10.7 "Lion" and Higher
Mac OS X v10.7 "Lion" introduces FileVault 2. The new version encrypts the entire disk rather than the user's home folder. FileVault uses the government-approved encryption standard, the Advanced Encryption Standard with 128-bit keys (AES-128).
How Do I Get My Computer Encrypted?
- Back up all valuable data on your computer, including email and documents. Contact the ITS Service Desk at x6-4878 for assistance in backing up data.
- Fill out and submit the laptop encryption form. A member of the ITS Service Desk will contact you to arrange the installation.
- If not already done, sign into myPassword and complete the account setup process.
How Can I Tell If My Computer is Encrypted?
When you boot up your computer, you should be presented with a grey screen asking you to log into PGP Desktop.
Mac OS X
- Navigate to Apple > System Preferences > Security & Privacy.
- On the FileVault tab, you should see FileVault is turned on for the disk "[Your Disk Name]".
What About Flash Drives and External Hard Drives?
We highly encourage you to not store any sensitive or confidential files on external media, due to the higher risk for data loss. In addition, there are several viable options for accessing your work files without having to use portable media, such as using department shared drives, the WCMC Transfer Service, and Virtual Desktop Infrastructure.
If you must use a flash drive, external hard drive or NAS device, you must purchase that meets the government-standard FIPS 140-2 encryption standard. These devices are available on CDW-G site for purchase through your department (search for "FIPS", "IronKey" or "Apricorn").
What About Mobile Devices?
All tagged mobile devices must be managed by ITS through the Mobile Iron Mobile Device Management service.
Additional information on our encryption policy can be found here.