Laptop Encryption at AHC
Most of AHC’s computers are what we call desktop computers. These are computers that sit on a person’s desk in their office, cubicle, nursing station, etc. and remain permanently in these locations.
However, some AHC employees need to use mobile computers that can be taken with them wherever they go. These employees use laptops.
Both types of computers may contain sensitive patient-related data that needs to be diligently protected from access by any unauthorized person. Naturally, laptops are more susceptible to compromise, because they can be lost or stolen and then accessed by an unauthorized person. The encryption of laptops, along with the diligence of AHC employees, will significantly reduce the risk of a lost or stolen laptop being accessed by an unauthorized individual.
2. Purpose of encryption
Encrypting a laptop prevents unauthorized persons from accessing or understanding the data it contains. The owner of the laptop, however, will easily be able to access the data and will not notice any difference when using the laptop.
3. What does encryption mean?
Encryption means that all the data within the laptop is encrypted (i.e., written in a garbled way that no one can comprehend or use). Only the laptop owner, who has a special passphrase, can view and use it.
Encryption happens automatically when a user keys in any data, and decryption happens automatically when the user views the data on the screen or prints it (while the data on the disk remains encrypted).
When the laptop is turned on, the system ensures that the person who turned it on is actually the authorized owner of the laptop by asking that person to enter a special passphrase. This passphrase is the password for the decryption process, and allows the user to access the data and applications within the laptop. As long as the laptop remains on, there is no need to reenter the passphrase. (Users are encouraged, however, to turn off their laptops if they are left alone in any vulnerable place.)
4. What happens right after the encryption process is over?
The encryption process takes about 3-4 hours. When it is completed, the user will turn on the laptop and, with the assistance of a PHNS technician, will create a Passphrase that will allow him/her to use the laptop from now on.
5. How does encryption affect the user?
Except for the need to enter the passphrase when the laptop is turned on, there is no noticeable effect on the speed of the laptop or on any other usage of it.
6. What happens when one turns on the laptop?
Whenever the laptop is turned on (booted), the first screen that appears is the PGP Encryption screen, which asks the user to enter their Passphrase.
Every user of a laptop will have a passphrase. A passphrase is similar to a password, as it is a sequence of characters that only the user knows. The passphrase must have the following characteristics (known as strong password requirements):
1. At least 8 characters
2. A combination of Upper & Lower case
3. At least 1 number or 1 letter (alpha & numeric)
4. At least 1 special character
Note: There is absolutely no entry to the laptop or its applications without entering the correct Passphrase.
6.2. Following Passphrase
Once the correct Passphrase is entered, the regular laptop login sequence that the user is used to will follow.
7. What happens during normal usage of the laptop?
Once the laptop is on and the passphrase is accepted, the laptop operates as it did before the encryption. Although encryption does occur (unnoticed by the user), the laptop “behaves” exactly as it did before.
8. What to do in case of a problem?
If you have any problem, and in particular if you forget the passphrase, call Help-Desk (1-800-443-2026) and they will assist you. You must have the laptop in front of you when you call.
9. Connecting to the network
AHC’s policy requires users to connect to the AHC network periodically. This allows for automatic installation of patches and maintenance software that ensure the safety and proper capabilities of the laptop. Connection to the network is achieved automatically if one brings the laptop to the office or when connecting via VPN (it does not happen when one uses a modem or connects from home to the internet only).
Connection to the network is also used to synchronize between the user and the encryption server. If a user fails to connect to the AHC network within 90 days, he/she will not be able to access their laptop even if they enter the correct Passphrase. The only recourse in a case like this will be to bring the laptop to a technician who has the capability of re-synchronizing (without access to the encrypted data).
The easiest and best way to avoid such a situation is to bring the laptop to work at least once a month and turn it on in the office. Once past the encryption screen, the laptop will automatically connect to the AHC network and synchronization will take place.