Thursday, November 19, 2009

unbelievable

six months to report a very serious data breach. as i said, unbelievable.

i know i've talked about it before, but i'm going to do it again. we have to encrypt everything with a social security # on it (well ANY personal data) if it's going outside. we CANNOT use flash drives AT ALL (we used to be able to but no longer). we have a data depersonalization program which is constantly evolving. we have a social security remediation project (which i'm personally working on). there is not a doubt in my mind, if some of my company's data was breached it would be reported immediately. (i personally think a LOT of the rules we have are unnecessary but no one asked me. rules like our desks, our cabinets have to be locked when we leave or are even away from our desks for over an hour. we have a secure building. cameras everywhere. security guards. key cards to get in. )

no excuse for health net to wait six months

Vast Data Breach Of Health Net Information Includes Patients' Records

The Hartford Courant
A hard drive with personal, financial and health information for about 446,000 Health Net customers in Connecticut was lost six months ago and first reported today, state officials said.

The company informed the Attorney General's office and the state Insurance Department Wednesday of the security breach. A portable, external hard drive with Social Security numbers, bank account details and health information for patients "disappeared" from the insurer's Northeast headquarters in Shelton.

The Data, with wide-ranging information from members and providers dating to 2002, was compressed, but not encrypted. The information requires a specialized computer program to be read, according to the Attorney General's office.

Attorney General Richard Blumenthal and Insurance Commissioner Thomas Sullivan both said separately that they are investigating what happened, and why the company waited six months to report the incident..................

Technorati Tags:, , , , ,
Generated By Technorati Tag Generator

No comments: