The breached information includes included names, residences, mailing addresses, dates of birth, Social Security and Medicaid numbers, and medical diagnoses or treatment information.
DADS came to know the incident on April 21, 2015 that the information was accessible through a web application meant for internal use only. The company added that it “immediately took down the website and launched an investigation, which is ongoing.”
“DADS has no reason to believe any of the information has been misused,” the statement explained. “DADS has strengthened its policies, procedures and web-application security in an effort to prevent such a breach from occurring again.”
Department spokeswoman Cecilia Cavuto mentioned that it is possible the data was posted when its handling was transferred to another department last fall.
“I don’t think we have the answer to what exactly caused this breach just yet,” Cavuto said. “It looks like the application was developed without the appropriate security. It was supposed to be an internal application, which points to human error.”
Alertsec strengthens security
Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.
Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.
Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.