Wednesday, October 12, 2011

Data breach exposes 4.9 million Tricare patients

A data breach affecting 4.9 million Tricare beneficiaries began when a government contractor left backup computer tapes in his car after parking it in downtown San Antonio one day this month. The worker had been given the job of taking the tapes from one federal facility to another when they were stolen.

“How does it happen? ... At one level, the answer's totally carelessness, obviously,” Stahl said.

“Let's take a medical facility. They've got a heart that needs to be transplanted into a patient and they give it to somebody to take from Point A to Point B. Is that person going to stop for eight hours along the way?” he said.

We are human and as humans we are subject to errors.  Errors in behavior, errors in judgment, errors in concentration.  It was on the way.  I was only going to stop for a few minutes.  What could possibly happen?  Who would even know what to do with these tapes?  No one will know. 

It is not possible to know at this point where the system broke down, but there is a steady trend of these incidents. It could also be that we are just hearing about them more now. The bottom line is that you cannot be too careful when handling information of this type.

A Written Information Security Plan (WISP) establishes the guidelines for handling and securing private information. A plan is only as good as its implementation. That is why a WISP is not a static document that collects dust on a shelf. It is monitored, updated, and reviewed every year and at any fundamental change in business operations. It is not a catch-all, but it is a necessity that the government looks for in cases like these. A good WISP creates a defensible position.

