The Veterans Administration's stolen laptop along with Sacred Heart's recent difficulties are reasons to keep any IT professional lying awake at night wondering where their data are. In the case of the VA, a *dedicated* staff member apparently was doing a little homework at home with real data in violation of VA policy, and the laptop was stolen. What institution doesn't have employees that don't do homework? The VA is going to require the staff to undergo cybersecurity training by the end of June, but organizatons will always be at risk fro low-tech mistakes. On the other end of the spectrum are the institutional systems such as those at Sacred Heart that are maintain by over-extended or inexperienced staff. Not that I have specific information as to the nature of the breech at SHU or that staff issues were the cause, but it is certainly a very plausible explanation. Regardless, the charge to maintain and secure institutional data is more challenging than ever. The hackers only have to be right once, while we must be vigilant 24x7x365 on all systems and with all staff.