Despite tremendous publicity and public education about data breaches during the past several years, business entities continue to store personal information in unencrypted formats.  The most recent example is a large Chicago medical provider, Advocate Medical Group.  Advocate just announced that four computers were stolen from a Chicago hospital in July.  The computers contained Personal Information for over 4 million patients.  The information included patients’ names, addresses, dates of birth and social security numbers.  Advocate does not believe that the computers were stolen for the PI or that the information has been used in any way.  However, while the computers were password protected, the data was not encrypted.  As a result, the medical group is now offering credit monitoring services to over four million individuals.   

Needless to say, this breach response will be extremely costly for the medical provider and its insurance carriers.  By failing to use encryption, the medical group has incurred significant risk and expense.  This breach comes on the heels of the California Attorney General’s data breach report which announced that more than half of California’s 2012 data breaches involved unencrypted personal data.  Businesses and their insurers must make encryption the number one priority for their data security in the future.