I am amazed, well, not really, that companies that use healthcare data still allow people to have this type of data, or any other PII, SPI, FTI, PCI or PHI type data, reside on a portable device like a laptop or USB drive that is NOT encrypted by default.
It's hard to believe, with BitLocker being free on Windows 7 devices and the open source TrueCrypt, not to mention several other commercial solutions, that companies are still not encrypting drives with confidential data on them.
In the article below, $6000 was paid for credit monitoring for each owner of a lost record due to breach notification, they face a $1000 per record lawsuit, and the total costs are roughly $288,000 for the incident. This cost alone cannot seem to convince people to encrypt their confidential data!!! It blows my mind that this type of data loss continues when there are cost-effective solutions that would easily cost less than 10% of the breach.
Simple fix... Encrypt your portable devices and you won't face this risk...