"Lost laptop without encryption? Lost data."
COMPANY
Sector: Healthcare
Size: 200 employees
Location: Flanders
FACTS & FIGURES
Incident: A laptop containing 5,000 patient records was stolen from an employee’s car
Encryption: Not enabled
Business Impact: Regulatory fines and reputational damage.
STORY
In a healthcare organization based in Flanders, an employee’s laptop was stolen from their vehicle during a routine visit to a partner clinic. The laptop contained sensitive patient data, including medical histories and personal identifiers. Unfortunately, the device was not encrypted, and no remote wipe capabilities were in place. The data was considered exposed, triggering immediate legal obligations to notify authorities and patients.
INCIDENT OVERVIEW
End-user devices such as laptops and smartphones often store confidential data. Without encryption, data at rest remains accessible to anyone with physical access to the device. In this case, the absence of encryption exposed thousands of records, creating both compliance and reputational risks. Encryption acts as the last line of defense when other security measures (like physical protection) fail.
BUSINESS IMPACT
Breach of GDPR obligations and heavy regulatory fines.
Loss of patient trust.
Negative media coverage affecting organizational credibility.
SECURITY MEASURES
Below are some recommendations to mitigate the risks and enforce secure configurations:
Enforce full-disk encryption by default (BitLocker for Windows, FileVault for macOS).
Implement endpoint management to verify encryption compliance.
Enable remote wipe and lock capabilities via a mobile device management system.
Train staff to secure their own devices.
Regularly audit encryption policies across all endpoints.
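
As an added illustration of verifying encryption compliance (not part of the original case study), the Python sketch below classifies the text printed by `manage-bde -status` on Windows and `fdesetup status` on macOS. The sample outputs are constructed and assume the English-locale layout of those tools; the function names are hypothetical.

```python
import re

# Constructed sample outputs (English-locale layout assumed), not captured from a real device.
BITLOCKER_OK = """Volume C: [OSDisk]
[OS Volume]

    Size:                 237.87 GB
    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100.0%
    Protection Status:    Protection On
"""
BITLOCKER_SUSPENDED = BITLOCKER_OK.replace("Protection On", "Protection Off")
BITLOCKER_NONE = (BITLOCKER_OK.replace("Fully Encrypted", "Fully Decrypted")
                  .replace("100.0%", "0.0%").replace("Protection On", "Protection Off"))
FILEVAULT_OK = "FileVault is On.\n"
FILEVAULT_CONVERTING = "FileVault is On.\nEncryption in progress: Percent completed = 41\n"
FILEVAULT_OFF = "FileVault is Off.\n"


def _field(text, name):
    """Return the value of a 'Name: value' line, or None if absent."""
    m = re.search(rf"^\s*{re.escape(name)}:\s*(.+?)\s*$", text, re.MULTILINE)
    return m.group(1) if m else None


def check_bitlocker(status_text):
    """Classify `manage-bde -status` output for one volume as (compliant, reason)."""
    conversion = _field(status_text, "Conversion Status")
    protection = _field(status_text, "Protection Status")
    if conversion is None or protection is None:
        return False, "status not parseable, treat as unencrypted"
    if conversion != "Fully Encrypted":
        return False, f"volume not fully encrypted ({conversion})"
    if protection != "Protection On":
        # Encrypted but suspended: the volume key is readable from the disk itself.
        return False, "encrypted but protection is off (suspended)"
    return True, "fully encrypted, protection on"


def check_filevault(status_text):
    """Classify `fdesetup status` output as (compliant, reason)."""
    lines = [ln.strip() for ln in status_text.splitlines() if ln.strip()]
    if not lines or lines[0] != "FileVault is On.":
        return False, "FileVault is not on"
    if any("in progress" in ln.lower() for ln in lines[1:]):
        return False, "FileVault conversion still in progress"
    return True, "FileVault on"
```

The suspended-BitLocker and in-progress cases matter because a device in either state can report encryption as enabled while a stolen disk is still readable.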
RESOURCES
CIS Controls v8 – Control 3.11: Encrypt Data on End-User Devices