Posts Tagged ‘Data Protection’

Department of Health and Human Services Announced an Internal Data Breach

January 28th, 2011
The Department of Health and Human Services he...
Health and Human Services Headquarter

Every week we post  news about data breach incidents, some of which also involves the identity theft and activities around financial security. Data breach news, may be not the best way to remind you of the need for security but through this we make you aware that don’t just read or watch the news. To stop such cases you need to act and take immediate action like using data protection and data encryption software like Alertsec Xpress.

Department of Health and Human Services

The latest news of data breach is of the North Carolina Department of Health and Human Services. DHHS has announced an internal data breach that computer disks belonging to the Division of Services for the Deaf and the Hard of Hearing are missing. DHHS claims that the missing disks accidentally fallen in the landfill as there a renovation process was going on in the North Carolina DHHS office.

According The DHHS press release, “a set of computer disks belonging to the Division of Services for the Deaf and the Hard of Hearing (DSDHH) may have been accidentally discarded and likely taken to a landfill”.

This statement makes it clear that they were also not sure about the disk taken to a landfill. Might be, the disks were stolen while offices were being renovated. Although the breach is not clear but according to the NC Senate Bill 1048, it is a case of data breach and DHHS has to inform the victims of the breach.

Disks were Locked Under a Secret Code

The disks contained personal information of clients who had applied for services from the Equipment Distribution Service within DSDHH from January 2005 through December 2008. For the security measure disks were encrypted since 2008.  Although disks were locked under a secret code but that code was very easy to crack.

For precautionary measures DSDHH is sending the letters to each person whose information was stored on the missing disk. This letter included the information related to the incident and guidance how they can protect themselves from identity theft. DHHS also notified the Consumer Protection Section about the breach and contacted the State Bureau of Investigation.

Concerned or Affected Citizens can Contact DSDHH

DSDHH has added a link to consumer protection information on the division’s website at www.ncdhhs.gov/dsdhh and prepared staff to answer questions from concerned citizens who may have been affected.
Clients with questions or concerns should call (800) 662-7030 (English/Espanol) or TTY for the hearing impaired at (877) 452-2514 between 8 a.m. and 5 p.m. weekdays. In the Triangle, call (919) 855-4400 or (919) 733-4851 (TTY for the hearing impaired). Questions or concerns can also be e-mailed to care.line@dhhs.nc.gov.

How Alertsec Xpress Would Have Helped

In an incident which highlights the need of a data security and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data.  Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Related articles
Enhanced by Zemanta

1 comment »

Posted in Hard Disk, data breach

Tags:

The Ghost of the Laptop Thief Strikes Again

February 12th, 2010

Who is he? Is he the mysterious man who breaks walls and steals data or is he A.J. Raffles. Whatever be the case, the data thief is striking quite regularly & making it big everytime. This time his victim was the corporate office of AvMed Health Plans in Gainesville. The objective was to to steal the two company laptops. But as mentioned in Ceridian’s case, the loss was not just the cost of physical devices. It also meant that the personal information of more than 200,000 current and former subscribers, their dependents was compromised.

Once again the exposure of data was a common set of objects:

  1. The personal information includes names, addresses, phone numbers
  2. Social Security numbers
  3. Protected health information.

While we believe that any aspect of data loss needs to be treated with a high degree of seriousness, in this case the company admitted that the data was structured randomly & the losses amounting from the theft are very low as well.

How did the invisible ghost strike?

It is a bit surprising to know & difficult to understand that the laptops were stolen from the closed doors. According to the security employees, the doors of conference room were properly locked in the evening but when they came the next day, the laptops were found to be stolen. Apparently, the only people to have the keys with them are the security staff & the cleaning crew. So do this mean that we should zero down on them as the invisible ghosts?

But rightly so, Cochita Ruiz Topinka, the spokeswoman of AvMed mentioned that they didn’t want to jump to any conclusions.

Why the delay in announcement?

If you notice carefully, there has been a decent delay in the security breach announcement. While the incident was determined in December, the public announcement of breach was only made on 5th February. According to the authorities, the delay in announcement was caused to avoid problems in investigation and for setting up the identity protection services.

The magnitude of the loss

As mentioned, it is believed that there is no major loss since the data was completely unstructured. However, things will become clear when the members being the identity protection registration process.

Ed Hannum, President & COO mentioned in a press release, “We will do all we can to work with our members whose personal information may have been compromised and help them work through the process”. “We regret that this incident has occurred, and we are committed to prevent future occurrences.”

Data Theft Humour:: Via I've Been Mugged

What you can do

In the meantime, if you are an affected subscriber this is what you can do. Register yourself with Debix Identity Protection Network, which would tell you if your information was potentially exposed. You can call Debix at 877-263-7998 (TTY 877-442-8633).

Be it Ceridian, Hitech or AvMed the sequence of events is quite similar. There is a physical device that is stolen for e.g. a laptop or portable disk. The loss is reported by the authorities, there is an initial silence and after a period of weeks/months it is made public. While we can understand the delay by the authorities, what certainly don’t augur well are the methods of encrpytion. If the organizations can use the right type of data security software and laptop encryption methods, it would ensure that the data remains protected if a physical device theft is reported.

3 comments »

Posted in Data Protection, Encryption

Tags:

Laptops Loaded with Private Data

April 7th, 2009

lockedToday, you have laptop computers coming and going and it seems like every day a new and even smaller laptop model comes out. The challenge is that most people don’t realize what they really have on their laptop.

While people like the convenience of the small laptops, from an IT perspective the smaller the laptop the easier it is to be lost or stolen. And I can’t tell you how many times I’ve heard “But all my data is on the network, there’s nothing important on my PC.”

One of the key reasons why we encrypt all our laptops is that no matter how careful you think  you are – your laptop has data. Consider all these things that can be on your computer:

Passwords saved in your browser – You know you shouldn’t do this.  You know it’s not secure.  But admit it – most of us have saved at least one or two passwords in our browser. It won’t take a thief more than a minute to track these down.  I used Firefox and it just took me only 4 clicks to see the entire list I have saved on my home PC!

Not using unique passwords – Let’s all keep going with the confessions.  How many of your accounts use the same password?  You have to – the human brain can only hold so much.  So if a thief gets one of your passwords, they are likely to be able to hack into multiple accounts.

History saved in the browser – You might think, “well a thief won’t know what sites I visit” but you are dead wrong because of the saving of bookmarks, sites visited and the browser cache.

Access to the corporate network - The above issues might just effect an employee’s personal information, but how many of your employees have saved the password to their VPN or other access client on the PC.

These examples are just the tip of the iceberg as there are so many instances where convenience outweighs security on laptops.

For an employee, losing a laptop could be worse than losing their wallet or purse.  As noted with the VPN issue, the company will suffer from potential access to their network. But the company will also see productivity issues as the employee will be spending many hours closing accounts and on hold with busy call centers – typically during the busy workday.  Your loss from just one laptop theft could be more than a year of data encryption protection with AlertSec Xpress for your fleet of laptops!

As the IT manager some days I long for the mainframe days. All you had was one big computer in a computer room with a nice big lock on the door. Anything outside the computer room was nothing more than dumb terminals linked to the mainframe. No Internet, no dial-up – just a really secure computer system.  But since we are not going back to those days – I use protection wherever and whenever I can.

1 comment »

Posted in Data Protection, Encryption

Tags: