Stolen computers were ‘password protected’ but their hard disks were not encrypted. Now the company is on the ropes.
Read about it here: http://nakedsecurity.sophos.com/2013/09/10/us-health-care-company-faces-giant-class-action-suit-for-losing-over-4000000-unencrypted-records/